Security Advisories

IAC-2024-006 (2024-07-15): Radius vulnerability

Severity: Medium
Affected versions: 21.0-p21004 – 21.0-p21561
Fixed version: 21.0-p21566
Related CVEs: CVE-2024-3596
The vulnerability discovered in the RADIUS protocol, known as Blast-RADIUS, affects Radius and iPass authentication on the IACBOX.

Who is affected?
Only systems with the external authentication method Radius or iPass activated are affected, as these use plain Radius (without EAP).
- Note that Radius can also be used as the authentication method for WebAdmin logins, which is affected as well.
- Radius as part of 802.1X is not affected, as EAP should always be in use there.

A MITM attacker can turn a denied authentication into a successful one.
The attacker needs to craft a matching MD5-HMAC within the client's timeout, which takes resources and time, so this is not easy to exploit.

Changes
- From now on, Radius requests always carry the Message-Authenticator attribute.
- There is a new Radius setting in WebAdmin under Login Methods -> External Authentication -> Radius: Force Message Authentication, which checks whether a Radius response contains the Message-Authenticator attribute.
This option has to be switched on manually, as it may not be compatible with a Radius server that does not send this attribute.
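The check behind "Force Message Authentication", as an added illustration (not IACBOX code): a client rejects any response that lacks a Message-Authenticator (attribute type 80) or whose HMAC-MD5 does not verify under the shared secret, so a forged Access-Accept without a valid attribute is dropped. The function names, the constructed secret and the sample packets are assumptions for the demo.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869 section 5.14


def find_message_authenticator(packet):
    """Walk the attribute list after the 20-byte header and return the offset
    of the Message-Authenticator value, or None if the attribute is absent."""
    off = 20
    while off + 2 <= len(packet):
        atype, alen = packet[off], packet[off + 1]
        if alen < 2 or off + alen > len(packet):
            raise ValueError("malformed RADIUS attribute")
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            return off + 2
        off += alen
    return None


def verify_response(response, request_authenticator, secret):
    """Client-side check: accept the response only if it carries a
    Message-Authenticator that validates under the shared secret."""
    pos = find_message_authenticator(response)
    if pos is None:
        return False  # forced mode: a response without the attribute is rejected
    # The HMAC covers the response with the Request Authenticator in the
    # header and the attribute value itself zeroed (RFC 2869 section 5.14).
    signed = bytearray(response)
    signed[4:20] = request_authenticator
    signed[pos:pos + 16] = bytes(16)
    expected = hmac.new(secret, bytes(signed), hashlib.md5).digest()
    return hmac.compare_digest(expected, response[pos:pos + 16])


def build_response(code, identifier, request_authenticator, secret, attrs=b""):
    """Server side, for the demo: emit a response that carries a valid
    Message-Authenticator, then the usual Response Authenticator (RFC 2865)."""
    body = attrs + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pos = 20 + len(attrs) + 2
    pkt = bytearray(struct.pack("!BBH", code, identifier, 20 + len(body)))
    pkt += request_authenticator + body
    pkt[pos:pos + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()
    return bytes(pkt)
```

Flipping the code byte of a signed Access-Reject (3) to Access-Accept (2) fails the check, as does a response with no attribute at all; a server that never sends the attribute will therefore be rejected in forced mode, which is why the option is off by default.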

Further Information
See the blastradius.fail page for more details

IAC-2024-005 (2024-07-15): Multiple webserver vulnerabilities

Severity: High
Affected versions: 21.0-p21004 – 21.0-p21561
Fixed version: 21.0-p21566
Related CVEs: CVE-2024-38477, CVE-2024-38475, CVE-2024-38476, CVE-2024-39884
The webserver shipped with the IACBOX (Apache httpd) has multiple vulnerabilities, which have been fixed in httpd versions 2.4.60 and 2.4.61.
As some of the vulnerabilities allow DoS attacks, all users are advised to update their systems to 21.0-p21566.

See the Apache httpd changelog for details.

IAC-2024-004 (2024-07-03): OpenSSH regreSSHion vulnerability

Severity: High
Affected versions: 21.0-p21004 – 21.0-p21556
Fixed version: 21.0-p21561
Related CVEs: CVE-2024-38477
OpenSSH has a serious remote code execution vulnerability, which is fixed in 21.0-p21561.
See all details in the Qualys report (regreSSHion).
Workaround for systems that cannot be updated right now: disable SSH access on all interfaces, or add firewall rules so that the SSH port (TCP/22) is not reachable.

IAC-2024-003 (2024-04-12): Linux kernel vulnerability

Severity: High
Affected versions: 21.0-p21004 – 21.0-p21530
Fixed version: 21.0-p21543
Related CVEs: CVE-2023-6546
Updated: 2024-04-17
There is a possible local privilege escalation in the Linux kernel GSM module. Even if the module is not in use, it can be loaded and exploited.
UPDATE: Patchlevel update 21.0-p21543 replaces update 21.0-p21536, which provided a workaround for this issue.

IAC-2024-002 (2024-03-31): liblzma/xz/sshd vulnerability

Severity: Not affected
Related CVEs: CVE-2024-3094
The IACBOX is not affected, as the liblzma version in use does not contain this vulnerability.

IAC-2024-001 (2024-02-01): OpenSSH vulnerability

Severity: Medium
Affected versions: 21.0-p21004 – 21.0-p21510
Fixed version: 21.0-p21518
Related CVEs: CVE-2023-48795
An OpenSSH connection can be downgraded during the handshake (Terrapin attack). As SSH is only rarely used for remote control connections, this does not really affect normal operation.
