Rewterz Threat Advisory – Siemens SINEMA Remote Connect Multiple Privilege Escalation Vulnerabilities
April 12, 2019Rewterz Threat Advisory – CVE-2018-16986 – Fortinet FortiAP BLE Stack Memory Corruption Vulnerability
April 15, 2019Severity
High
Analysis Summary
CVE-2018-5379
The shipped version of the Quagga BGP daemon (bgpd) can double free memory when processing certain forms of UPDATE messages, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or allow an attacker to execute arbitrary code.
CVE-2018-5380
The shipped version of the Quagga BGP daemon (bgpd) can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.
The vulnerability could be exploited by an attacker spoofing a malicious BGP code-point. Successful exploitation requires the attacker to be in the position of a configured, trusted BGP peer.
CVE-2018-5381
The shipped version of the Quagga BGP daemon (bgpd) has a bug in its parsing of “Capabilities” in BGP OPEN messages. The parser can enter an infinite loop on invalid capabilities, causing a denial of service.
The vulnerability could be exploited by an attacker spoofing a malicious BGP OPEN message. Successful exploitation requires the attacker to be in the position of a configured, trusted BGP peer.
Impact
- Denial of service
- Execution of arbitrary code
Affected Vendors
Siemens
Affected Products
RUGGEDCOM ROX II
Remediation
Vendor has provided firmware update v2.13.0 to fix these vulnerabilities.
The firmware updates for RUGGEDCOM ROX-based devices can be obtained by contacting the RUGGEDCOM support team.
https://support.industry.siemens.com/my/WW/en/requests#createRequest
Siemens has identified the following specific workarounds and mitigation users can apply to reduce the risk:
- Disable the BGP routing service if not in use in your setup.
- Configure BGP passwords to authenticate BGP neighbors.