Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM and System Support Software



Published: 2024-10-18
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2024-31408
CVE-2024-39290
CVE-2024-47142
CVE-2024-45837
CWE-ID CWE-78
CWE-522
CWE-284
CWE-321
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		IX-MV
Hardware solutions / Firmware

IX-MV7-HB
Hardware solutions / Firmware

IX-MV7-HBT
Hardware solutions / Firmware

IX-MV7-HW
Hardware solutions / Firmware

IX-MV7-HWT
Hardware solutions / Firmware

IX-MV7-HW-JP
Hardware solutions / Firmware

IX-MV7-B
Hardware solutions / Firmware

IX-MV7-BT
Hardware solutions / Firmware

IX-MV7-W
Hardware solutions / Firmware

IX-MV7-WT
Hardware solutions / Firmware

IX-DA
Hardware solutions / Firmware

IX-DAU
Hardware solutions / Firmware

IX-DB
Hardware solutions / Firmware

IX-DBT
Hardware solutions / Firmware

IX-EA
Hardware solutions / Firmware

IX-EAT
Hardware solutions / Firmware

IX-EAU
Hardware solutions / Firmware

IX-DV
Hardware solutions / Firmware

IX-DVT
Hardware solutions / Firmware

IX-DVF
Hardware solutions / Firmware

IX-DVF-P
Hardware solutions / Firmware

IX-DVF-L
Hardware solutions / Firmware

IX-DVM
Hardware solutions / Firmware

IX-DU
Hardware solutions / Firmware

IX-DVF-RA
Hardware solutions / Firmware

IX-DVF-2RA
Hardware solutions / Firmware

IX-BA
Hardware solutions / Firmware

IX-BAU
Hardware solutions / Firmware

IX-BB
Hardware solutions / Firmware

IX-BBT
Hardware solutions / Firmware

IX-FA
Hardware solutions / Firmware

IX-SSA
Hardware solutions / Firmware

IX-SS-2G
Hardware solutions / Firmware

IX-SS-2GT
Hardware solutions / Firmware

IX-SS-2G-N
Hardware solutions / Firmware

IX-BU
Hardware solutions / Firmware

IX-SSA-RA
Hardware solutions / Firmware

IX-SSA-2RA
Hardware solutions / Firmware

IX-RS-B
Hardware solutions / Firmware

IX-RS-BT
Hardware solutions / Firmware

IX-RS-W
Hardware solutions / Firmware

IX-RS-WT
Hardware solutions / Firmware

IXW-MA
Hardware solutions / Firmware

IX-SPMIC
Hardware solutions / Firmware

IXG-2C7
Hardware solutions / Firmware

IXG-2C7-L
Hardware solutions / Firmware

IXG-DM7
Hardware solutions / Firmware

IXG-DM7-HID
Hardware solutions / Firmware

IXG-DM7-HIDA
Hardware solutions / Firmware

IXG-DM7-10K
Hardware solutions / Firmware

IXG-MK
Hardware solutions / Firmware

IXGW-GW
Hardware solutions / Firmware

IXGW-TGW
Hardware solutions / Firmware

IXGW-LC
Hardware solutions / Firmware

IX-SupportTool
Hardware solutions / Firmware

IXG-SupportTool
Hardware solutions / Firmware

Vendor AIPHONE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) OS Command Injection

EUVDB-ID: #VU98814

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-31408

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote user on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IX-MV: 7.10

IX-MV7-HB: 7.10

IX-MV7-HBT: 7.10

IX-MV7-HW: 7.10

IX-MV7-HWT: 7.10

IX-MV7-HW-JP: 7.10

IX-MV7-B: 7.10

IX-MV7-BT: 7.10

IX-MV7-W: 7.10

IX-MV7-WT: 7.10

IX-DA: 7.10

IX-DAU: 7.10

IX-DB: 7.10

IX-DBT: 7.10

IX-EA: 7.10

IX-EAT: 7.10

IX-EAU: 7.10

IX-DV: 7.11

IX-DVT: 7.11

IX-DVF: 7.11

IX-DVF-P: 7.11

IX-DVF-L: 7.11

IX-DVM: 7.10

IX-DU: 7.11

IX-DVF-RA: 7.11

IX-DVF-2RA: 7.11

IX-BA: 7.10

IX-BAU: 7.10

IX-BB: 7.10

IX-BBT: 7.10

IX-FA: 7.10

IX-SSA: 7.11

IX-SS-2G: 7.10

IX-SS-2GT: 7.10

IX-SS-2G-N: 7.10

IX-BU: 7.11

IX-SSA-RA: 7.11

IX-SSA-2RA: 7.11

IX-RS-B: 7.10

IX-RS-BT: 7.10

IX-RS-W: 7.10

IX-RS-WT: 7.10

IXW-MA: 7.10

IX-SPMIC: 7.10

IXG-2C7: 3.01

IXG-2C7-L: 3.01

IXG-DM7: 3.00

IXG-DM7-HID: 3.00

IXG-DM7-HIDA: 3.00

IXG-DM7-10K: 3.00

IXG-MK: 3.00

IXGW-GW: 3.01

IXGW-TGW: 3.01

IXGW-LC: 3.00

CPE2.3 External links

http://jvn.jp/en/jp/JVN41397971/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficiently protected credentials

EUVDB-ID: #VU98815

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39290

CWE-ID: CWE-522 - Insufficiently Protected Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficiently protected credentials. A remote attacker on the local network can obtain sensitive information such as a username and its password in the address book.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IX-MV: 7.10

IX-MV7-HB: 7.10

IX-MV7-HBT: 7.10

IX-MV7-HW: 7.10

IX-MV7-HWT: 7.10

IX-MV7-HW-JP: 7.10

IX-MV7-B: 7.10

IX-MV7-BT: 7.10

IX-MV7-W: 7.10

IX-MV7-WT: 7.10

IX-DA: 7.10

IX-DAU: 7.10

IX-DB: 7.10

IX-DBT: 7.10

IX-EA: 7.10

IX-EAT: 7.10

IX-EAU: 7.10

IX-DV: 7.11

IX-DVT: 7.11

IX-DVF: 7.11

IX-DVF-P: 7.11

IX-DVF-L: 7.11

IX-DVM: 7.10

IX-DU: 7.11

IX-DVF-RA: 7.11

IX-DVF-2RA: 7.11

IX-BA: 7.10

IX-BAU: 7.10

IX-BB: 7.10

IX-BBT: 7.10

IX-FA: 7.10

IX-SSA: 7.11

IX-SS-2G: 7.10

IX-SS-2GT: 7.10

IX-SS-2G-N: 7.10

IX-BU: 7.11

IX-SSA-RA: 7.11

IX-SSA-2RA: 7.11

IX-RS-B: 7.10

IX-RS-BT: 7.10

IX-RS-W: 7.10

IX-RS-WT: 7.10

IXW-MA: 7.10

IX-SPMIC: 7.10

IXG-2C7: 3.01

IXG-2C7-L: 3.01

IXG-DM7: 3.00

IXG-DM7-HID: 3.00

IXG-DM7-HIDA: 3.00

IXG-DM7-10K: 3.00

IXG-MK: 3.00

IXGW-GW: 3.01

IXGW-TGW: 3.01

IXGW-LC: 3.00

CPE2.3 External links

http://jvn.jp/en/jp/JVN41397971/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU98816

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47142

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user on the local network can bypass implemented security restrictions and perform unintended operations.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IXG-2C7: 2.03

IXG-2C7-L: 2.03

CPE2.3 External links

http://jvn.jp/en/jp/JVN41397971/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use of Hard-coded Cryptographic Key

EUVDB-ID: #VU98818

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45837

CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of hard-coded cryptographic key. A remote attacker on the local network can log in to SFTP service and obtain and/or manipulate unauthorized files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IX-MV: 7.30

IX-MV7-HB: 7.31

IX-MV7-HBT: 7.31

IX-MV7-HW: 7.31

IX-MV7-HWT: 7.31

IX-MV7-HW-JP: 7.31

IX-MV7-B: 7.31

IX-MV7-BT: 7.31

IX-MV7-W: 7.31

IX-MV7-WT: 7.31

IX-DA: 7.30

IX-DAU: 7.30

IX-DB: 7.30

IX-DBT: 7.30

IX-EA: 7.30

IX-EAT: 7.30

IX-EAU: 7.30

IX-DV: 7.30

IX-DVT: 7.30

IX-DVF: 7.30

IX-DVF-P: 7.30

IX-DVF-L: All versions

IX-DVM: All versions

IX-DU: All versions

IX-DVF-RA: All versions

IX-DVF-2RA: All versions

IX-BA: All versions

IX-BAU: All versions

IX-BB: All versions

IX-BBT: All versions

IX-FA: 7.30

IX-SSA: 7.30

IX-SS-2G: 7.30

IX-SS-2GT: 7.30

IX-SS-2G-N: 7.30

IX-BU: 7.30

IX-SSA-RA: 7.30

IX-SSA-2RA: 7.30

IX-RS-B: 7.30

IX-RS-BT: 7.30

IX-RS-W: 7.30

IX-RS-WT: 7.30

IXW-MA: 7.30

IX-SPMIC: 7.30

IXG-2C7: 3.01

IXG-2C7-L: 3.01

IXG-DM7: 3.00

IXG-DM7-HID: 3.00

IXG-DM7-HIDA: 3.00

IXG-DM7-10K: 3.00

IXG-MK: 3.00

IXGW-GW: 3.01

IXGW-TGW: 3.01

IXGW-LC: 3.00

IX-SupportTool: 10.3.0.0

IXG-SupportTool: 5.0.2.0

CPE2.3 External links

http://jvn.jp/en/jp/JVN41397971/index.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###