CISA Warns of PTZOptics Cameras Vulnerability Exploited to Escalate Privileges


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about critical vulnerabilities identified in PTZOptics PT30X-SDI/NDI cameras.

These vulnerabilities, tracked as CVE-2024-8957 and CVE-2024-8956, could allow attackers to escalate privileges and execute commands with root access.


CVE-2024-8957: Command Injection Vulnerability

The first vulnerability, CVE-2024-8957, is an OS command injection flaw in the PTZOptics PT30X-SDI/NDI cameras.

It allows a remote, authenticated attacker to escalate privileges to root through a crafted payload using the ntp_addr parameter of the /cgi-bin/param.cgi CGI script.


This vulnerability is classified under CWE-78, improper neutralization of special elements used in an OS command.

The possibility of this vulnerability being used in ransomware campaigns remains unknown.

CISA advises users to apply mitigations as per the vendor’s instructions or to discontinue using the affected products if no mitigations are available. This vulnerability must be addressed by November 25, 2024.
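A defender-side check for the request described above, as an added example that is not PTZOptics or CISA code: it scans web or reverse-proxy access logs for /cgi-bin/param.cgi requests whose ntp_addr value is anything other than a plain hostname or IPv4 address. The combined log format, the parameter arriving in the query string, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter named in the advisory.
TARGET_PATH = "/cgi-bin/param.cgi"
TARGET_PARAM = "ntp_addr"

# Allowlist: an NTP server setting should only ever be a hostname or IPv4 address.
SAFE_VALUE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")

# Assumption: logs are in Apache/nginx "combined" format.
LOG_LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample lines (documentation IP ranges, placeholder value).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2024:10:00:00 +0000] '
    '"GET /cgi-bin/param.cgi?ntp_addr=pool.ntp.org HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Nov/2024:10:05:00 +0000] '
    '"GET /cgi-bin/param.cgi?ntp_addr=pool.ntp.org%3BPLACEHOLDER HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Nov/2024:10:06:00 +0000] '
    '"GET /index.html?ntp_addr=%24x HTTP/1.1" 200 512',
]

def suspicious_ntp_requests(lines):
    """Return (source, timestamp, decoded value) for each param.cgi request
    whose ntp_addr value is not a plain hostname or IPv4 address."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m["target"])
        if url.path != TARGET_PATH:
            continue  # only the CGI script named in the advisory
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        for value in parse_qs(url.query).get(TARGET_PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((m["src"], m["ts"], value))
    return hits

if __name__ == "__main__":
    for src, ts, value in suspicious_ntp_requests(SAMPLE_LOG):
        print(f"{ts} {src} ntp_addr={value!r}")
```

Values sent in a POST body do not appear in standard access logs, so this check only covers deployments where the proxy or WAF records the full request.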

CVE-2024-8956: Authentication Bypass Vulnerability

CVE-2024-8956 describes an authentication bypass vulnerability in the same PTZOptics cameras.

This flaw allows remote attackers to bypass authentication for the /cgi-bin/param.cgi CGI script through an insecure direct object reference (IDOR), linked to CWE-287.

When combined with the command injection vulnerability (CVE-2024-8957), attackers can execute code remotely with root privileges. 

As with the first vulnerability, there is no confirmed evidence of this being exploited in ransomware attacks.

However, the risk remains significant, and CISA recommends similar mitigation strategies—either implementing vendor-provided fixes or ceasing the use of the cameras if solutions are not provided.

The deadline for mitigation is also November 25, 2024.

PTZOptics users are strongly encouraged to assess their systems promptly and follow the prescribed actions to mitigate these vulnerabilities.

Failure to address these issues could result in severe security breaches, potentially compromising privacy and security in settings where these cameras are deployed.

Users should remain vigilant and apply timely updates and patches to safeguard against potential threats.
