News from 2022-04-05
Meinberg Security Advisory: [MBGSA-2022.01] Meinberg-LANTIME-Firmware V7.04.015 and V6.24.030
Meinberg recommends the update to LANTIME firmware version 7.04.015.
Estimation of severity up to and including
-
LANTIME-Firmware V7.04.014: severity level high (3), medium (1), low (0)
-
LANTIME-Firmware V6.24.029: severity level high (2), medium (0), low (0)
Updated versions:
-
LANTIME firmware: V7.04.015
-
LANTIME firmware: V6.24.030
-
Description of the vulnerabilities
- Third-party software:
- OpenSSL-1.1.1:
-
CVE-2022-0778 - the BN_mod_sqrt() function is vulnerable to DoS attacks (high)
Description:
OpenSSL-1.1.1n security advisory
Fixed in:
V7.04.015 MBGID-10206 and V6.24.030 MBGID-9389
- Expat:
-
CVE-2022-23990, CVE-2022-23990, CVE-2022-23852,
CVE-2022-25315, CVE-2022-25314, CVE-2022-25313,
CVE-2022-25236, CVE-2022-25235 - Various memory overflows (high)
Expat patch notes:
https://www.xml.com/news/2022-03-expat-247/
https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes
Fixed in:
V7.04.015 MBGID-10383 and V6.24.030 MBGID-9391
- LTOS-REST-API (affected as of V7.04.001):
- Root login via REST-API:
-
NOCVE - Authorization bypass "Disable Root Login" (high)
Even with the activated "Disable Root Login" option the root user was still possible to change the configuration via RESTAPI.
Fixed in:
V7.04.015 MBGID-10147
Workaround:
Use a very long passphrase for the root account. In addition a monitoring of log-ins can be established to get aware of root account misuse.
- Remote Access Control via REST-API:
-
NOCVE - Authorization bypass "Remote Access Control" (medium)
It was possible to access the REST-API from a blocked IP address.
Fixed in:
V7.04.015 MBGID-10161
Workaround:
Deactivate the REST-API (under
"System -> General Settings -> Enable REST API"
).
-
Systems affected
All LANTIME firmware versions before V7.04.015 (V6.24.030 respectively) are affected by the respective vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M200, M300, M400, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000 / SF1100 / SF1200).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the respective configuration, network infrastructure and other factors. Therefore, no general statement can be made regarding the actual vulnerability of the systems used.
-
Possible security measures
The respective security updates are included in the LANTIME firmware versions V7.04.015 and V6.24.030. An update to these versions corrects the listed vulnerabilities.
Download the latest LANTIME firmware at:
All updates are now available to Meinberg clients. An update of the LANTIME firmware to the version 7.04.015 is strongly recommended. Clients who cannot install 7.04.015 can use version V6.24.030.
-
Further information
Further details and information are available from the following websites:
If you have any questions or need assistance, please, don’t hesitate to contact your Meinberg Support Service.
-
Acknowledgments
We would like to thank all those who have point us to vulnerabilities, other failures or improvements.
Many thanks!
Description of the vulnerabilities
- Third-party software:
- OpenSSL-1.1.1:
-
CVE-2022-0778 - the BN_mod_sqrt() function is vulnerable to DoS attacks (high)
Description:
OpenSSL-1.1.1n security advisory
Fixed in:
V7.04.015 MBGID-10206 and V6.24.030 MBGID-9389
-
CVE-2022-0778 - the BN_mod_sqrt() function is vulnerable to DoS attacks (high)
- Expat:
-
CVE-2022-23990, CVE-2022-23990, CVE-2022-23852,
CVE-2022-25315, CVE-2022-25314, CVE-2022-25313,
CVE-2022-25236, CVE-2022-25235 - Various memory overflows (high)
Expat patch notes:
https://www.xml.com/news/2022-03-expat-247/
https://github.com/libexpat/libexpat/blob/R_2_4_7/expat/Changes
Fixed in:
V7.04.015 MBGID-10383 and V6.24.030 MBGID-9391
-
CVE-2022-23990, CVE-2022-23990, CVE-2022-23852,
CVE-2022-25315, CVE-2022-25314, CVE-2022-25313,
CVE-2022-25236, CVE-2022-25235 - Various memory overflows (high)
- OpenSSL-1.1.1:
- LTOS-REST-API (affected as of V7.04.001):
- Root login via REST-API:
-
NOCVE - Authorization bypass "Disable Root Login" (high)
Even with the activated "Disable Root Login" option the root user was still possible to change the configuration via RESTAPI.
Fixed in:
V7.04.015 MBGID-10147
Workaround:
Use a very long passphrase for the root account. In addition a monitoring of log-ins can be established to get aware of root account misuse.
-
NOCVE - Authorization bypass "Disable Root Login" (high)
- Remote Access Control via REST-API:
-
NOCVE - Authorization bypass "Remote Access Control" (medium)
It was possible to access the REST-API from a blocked IP address.
Fixed in:
V7.04.015 MBGID-10161
Workaround:
Deactivate the REST-API (under "System -> General Settings -> Enable REST API" ).
-
NOCVE - Authorization bypass "Remote Access Control" (medium)
- Root login via REST-API:
Systems affected
All LANTIME firmware versions before V7.04.015 (V6.24.030 respectively) are affected by the respective vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M200, M300, M400, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000 / SF1100 / SF1200).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the respective configuration, network infrastructure and other factors. Therefore, no general statement can be made regarding the actual vulnerability of the systems used.
Possible security measures
The respective security updates are included in the LANTIME firmware versions V7.04.015 and V6.24.030. An update to these versions corrects the listed vulnerabilities.
Download the latest LANTIME firmware at:All updates are now available to Meinberg clients. An update of the LANTIME firmware to the version 7.04.015 is strongly recommended. Clients who cannot install 7.04.015 can use version V6.24.030.
Further information
Further details and information are available from the following websites:If you have any questions or need assistance, please, don’t hesitate to contact your Meinberg Support Service.
Acknowledgments
We would like to thank all those who have point us to vulnerabilities, other failures or improvements.
Many thanks!