fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Garrett Walk-through Metal Detectors can be Remotely Manipulated

Garrett Walk-through Metal Detectors can be Remotely Manipulated

Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.

Garrett is a well-known US-based manufacturer of hand-held and walk-through metal detectors commonly deployed in security-critical environments such as sports venues, airports, banks, museums, ministries, and courthouses. 

Security researchers at Cisco Talos have discovered numerous vulnerabilities that could allow attackers to execute commands or read/modify information on the Garret iC Module version 5.0, which is the component that provides network connectivity to Garrett PD 6500i and Garrett MZ 6100.

Also Read: Ways to protect HR data and avoid penalties for data breaches

The nine vulnerabilities disclosed in detail by Cisco Talos are:

  • CVE-2021-21901 and CVE-2021-21903 – Stack-based buffer overflow vulnerabilities enable an unauthenticated threat actor to exploit a buffer overflow condition using a specially-crafted packet. CVSS v3: 9.8 (critical)
  • CVE-2021-21904 – A directory traversal flaw in iC Module enabling an actor to send a specially-crafted command-line argument can lead to an arbitrary file overwrite. CVSS v3 score: 9.1 (critical)
  • CVE-2021-21905 and CVE-2021-21906 – Two stack-based buffer overflow flaws that can be triggered by uploading a malicious file on the target device and forcing the system to call ‘readfile’. CVSS v3: 8.2 (high)
  • CVE-2021-21902 – Authentication bypass vulnerability in the CMA run_server of the iC Module, enabling a threat actor to launch a properly-timed network connection through a sequence of requests, leading to session hijacking. CVSS v3 score: 7.5 (high)
  • CVE-2021-21908 and CVE-2021-21909 – Directory traversal flaws, allowing a threat actor to delete files on the target device by sending specially-crafted command line arguments. CVSS v3 score: 6.0 (medium)
  • CVE-2021-21907 – A directory traversal vulnerability leading to local file inclusion via a specially-crafted command-line argument. CVSS v3 score: 4.9 (medium)

In CVE-2021-21901 and CVE-2021-21903, the iC Module exposes a discovery service on UDP port 6977. This opens up an exploitation path by broadcasting a specially-formatted UDP packet, forcing a reply with sensitive information.

Using this info, an attacker could craft a UDP packet with a sufficiently long CRC field leading to a buffer overflow, allowing remote code execution before any authentication.

Crash indicating the exploitation of CVE-2021-21901
Crash indicating the exploitation of CVE-2021-21901
Source: Cisco Talos

In CVE-2021-21904, the iC Module exposes an authenticated CLI over TCP port 6877. After a client authenticates, they are allowed to send plain-text commands to the device, and one of the potential commands is the creation of new “environment variables.”

Also Read: Data Protection Act of Singapore: Validity in the Post-pandemic World

These variables are underpinned by a key parameter, which is not sanitized or validated. As such, it can lead to unauthenticated arbitrary file creation and code execution as the root user.

Handler function on new environment variables
Handler function on new environment variables
Source: Cisco Talos

Cisco Talos disclosed the above flaws to Garrett on August 17, 2021, and the vendor fixed the identified issues on December 13, 2021.

Admins of walk-through Garrett Metal detectors are urged to upgrade their iC Module CMA software to the latest available version to resolve these vulnerabilities.

If you are unsure how to do that, contact your Garrett sales representative and ask for guidance.

As these vulnerabilities require access to the network used by the metal detector, they will not likely be targeted in mass by threat actors. However, insider threats continue to be a problem and are usually not detected until after the damage is done.

The US government recently warned about insider threats and released a self-assessment tool to help organizations determine their risk posture to insider attacks.

BleepingComputer has reached out to Garrett to learn more about the impact of these vulnerabilities but has not heard back.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us