Cisco Talos Blog: MC LR Router and GoCast unpatched vulnerabilities

Source URL: https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/
Source: Cisco Talos Blog
Title: MC LR Router and GoCast unpatched vulnerabilities

Feedly Summary: Cisco Talos’ Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule

Summary: The text discusses multiple vulnerabilities recently identified in the MC Technologies LR Router and the GoCast service. These vulnerabilities pose significant security risks as they have not yet been patched, affecting critical functionalities such as authentication and command execution.

Detailed Description:

– **Vulnerabilities Identified**: Cisco Talos’ Vulnerability Research team discovered two vulnerabilities in the MC Technologies LR Router and three in the GoCast service, which can lead to OS command injection attacks.
– **Affected Components**:
  – **MC Technologies LR Router**:
    – Supports IPsec, OpenVPN, and firewall capabilities.
    – Allows remote management via HTTP and SNMP.
    – Configurable alerting via SMS and email.
    – Available in two-port and four-port variants, including serial-to-TCP translations and digital I/O.
    – Two advisories detail vulnerabilities noted as TALOS-2024-1953 and TALOS-2024-1954, which include multiple CVEs.
  – **GoCast Service**:
    – Provides BGP routing for load balancing.
    – The HTTP API is vulnerable due to a lack of authentication, allowing unauthorized access and exploitation.

**Key Vulnerabilities**:
– For MC Technologies LR Router:
  – **TALOS-2024-1953**: Covers three vulnerabilities (CVE-2024-28025 to CVE-2024-28027) potentially exploitable through the I/O configuration functionality of the web interface.
  – **TALOS-2024-1954**: Involves a vulnerability (CVE-2024-21786) related to configuration file uploads.

– For GoCast Service:
  – **TALOS-2024-1962**: Highlights lack of authentication for HTTP API actions.
  – **TALOS-2024-1960**: Exploitable via OS command injection.
  – **TALOS-2024-1961**: Allows arbitrary command execution.

**Practical Implications**:
– **Patch Management**: Organizations using these technologies must prioritize finding patches or workarounds to mitigate these vulnerabilities.
– **Security Measures**: Immediate awareness and action plans should be implemented to prevent potential exploits, especially in environments that heavily depend on the affected services for security and management functions.
– **Regular Monitoring**: Security professionals should monitor the Talos Intelligence website for the latest advisories and rule sets from Snort.org that can aid in identifying and blocking potential exploit attempts.

In summary, the vulnerabilities pose critical risks for organizations relying on these technologies, highlighting the need for proactive security measures and swift reactions to vulnerabilities in infrastructure.