Description
A critical vulnerability has been identified in the NTP address configuration mechanism of PTZOptics PT30X-SDI/NDI cameras, specifically in firmware versions prior to 6.3.40. This vulnerability allows for OS command injections, posing serious security risks if exploited in conjunction with other vulnerabilities such as CVE-2024-8956.
Affected Product(s)
- PTZOptics PT30X-NDI-xx-G2
- PT30X-SDI
Technical Details
The PTZOptics PT30X-SDI/NDI-xx series is known for its robust camera solutions, widely utilized for live streaming and video conferencing purposes. These cameras, however, have been found to possess severe security vulnerabilities which could potentially expose sensitive data and allow unauthorized code execution.
The primary vulnerability, identified as CVE-2024-8957, affects firmware versions prior to 6.3.40. It arises from insufficient validation of the ntp_addr configuration value. NTP (Network Time Protocol) is used to synchronize clocks over a network, and the camera passes the configured server address to its ntp_client. Because the value is not validated, a maliciously crafted ntp_addr can be used to execute arbitrary OS commands when the ntp_client is triggered. This is particularly problematic when combined with another vulnerability, CVE-2024-8956, which stems from inadequate authentication enforcement and exposes the system to unauthorized access and manipulation of sensitive information such as usernames and passwords.
The vulnerability can be exploited remotely and doesn’t require any authentication, making it an attractive target for adversaries seeking to gain control over systems or extract confidential data. Threat actors exploiting this vulnerability can potentially command the camera systems to execute arbitrary instructions, significantly amplifying the scope of possible attacks. This can include deploying malware, exfiltrating data, or integrating the cameras into a larger botnet for distributed denial of service (DDoS) attacks.
Exploits are executed by sending crafted payloads to specific endpoints, notably the "cgi-bin/param.cgi?post_network_other_conf" endpoint, where the inadequate validation lies. These payloads manipulate the system configuration so that commands are injected directly into the operating system, leveraging the NTP configuration weakness to bypass normal operational restrictions.
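The following is an added example, not code from PTZOptics' firmware, illustrating the CWE-78 pattern described above beside a hardened form. It assumes a hypothetical binary name and "-h" flag for the ntp_client invocation, and hypothetical helper names; the validation approach (accept only an IP literal or an RFC 1123 hostname, then pass an argv list to the process without a shell) is general and applies beyond this one parameter.

```python
import ipaddress
import re
from typing import List, Optional

# Hypothetical command name and flag; the real ntp_client invocation is not shown on the page.
NTP_CLIENT = "ntp_client"


def build_ntp_command_unsafe(ntp_addr: str) -> str:
    """Vulnerable pattern (CWE-78): the configured value is spliced into a shell
    command line, so shell metacharacters inside ntp_addr become extra commands
    once this string is handed to a shell."""
    return f"{NTP_CLIENT} -h {ntp_addr}"


# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_HOSTNAME_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_valid_ntp_addr(value: str) -> bool:
    """Allowlist check: accept only an IPv4/IPv6 literal or an RFC 1123 hostname."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_HOSTNAME_LABEL.match(label) for label in labels)


def build_ntp_command_safe(ntp_addr: str) -> Optional[List[str]]:
    """Hardened form: reject anything that is not a host or IP, and return an
    argv list suitable for subprocess.run(argv) (no shell), so nothing in the
    value is ever interpreted as shell syntax."""
    if not is_valid_ntp_addr(ntp_addr):
        return None
    return [NTP_CLIENT, "-h", ntp_addr]


if __name__ == "__main__":
    # Constructed sample values for demonstration.
    for candidate in ("pool.ntp.org", "192.168.1.10", "10.0.0.1; echo injected"):
        print(f"{candidate!r}: unsafe -> {build_ntp_command_unsafe(candidate)!r}, "
              f"safe -> {build_ntp_command_safe(candidate)!r}")
```

The unsafe builder returns the string it would hand to a shell so the difference is visible without executing anything; in real firmware the fix is both the allowlist check and the switch from a shell string to an argv list, since either alone leaves a gap (a validator can be bypassed by a later change, and an argv list still passes a hostile value to the NTP client as an argument).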
Further details and exploit scripts are circulating on platforms dedicated to vulnerability testing, highlighting the critical nature of this security issue. The threat level is exacerbated by the ease of exploitation and the widespread deployment of these camera systems in security-sensitive environments, necessitating immediate remediation efforts from both end-users and service providers.
Weakness
The core weakness associated with this vulnerability is classified under CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’). This is a serious security flaw that permits attackers to inject malicious commands into the operating system by exploiting insufficient input validation mechanisms in software components.
Impact Assessment
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data, execute arbitrary commands, and potentially cause service disruption. Attackers could alter or tamper with device configurations, leading to information leakage or temporary financial loss for business entities relying on these cameras for essential operations.
Active Exploitation
Active exploitation of the PTZOptics Cameras OS Command Injection vulnerability has been observed, emphasizing the need for immediate security measures. Security researchers and threat intelligence reports indicate ongoing exploitation attempts targeting these devices, with adversaries capitalizing on the lack of sufficient input validation.
Ransomware Association
This vulnerability has not been directly linked to any specific ransomware attacks; however, the nature of OS command injections makes these systems potentially valuable targets for ransomware groups seeking initial network entry points or wishing to encrypt pivotal monitoring and information-gathering equipment.
Mitigation and Resolution
We have released a firmware update version 6.3.40, which directly addresses the command injection vulnerability. Users and administrators must immediately update their devices to this firmware version to mitigate potential risks. It is also advisable to review and modify any associated network configurations to prevent exploitation pathways.
Applying the update ensures that the ntp_addr value is validated before it reaches the ntp_client, closing the command injection path in the NTP configuration mechanism.
Recommendations
- We strongly recommend that all customers apply the latest firmware patch as soon as possible.
- Verify and update the firmware of PTZOptics cameras to version 6.3.40 or later.
- Regularly monitor network activity and logs for unusual activities or exploitation attempts.
- Implement strict access control measures and limit network exposure of vulnerable devices.
- Regularly review NTP configurations and ensure they do not contain arbitrary or malicious entries.
- Establish a continuous monitoring and patch management program to handle future vulnerabilities proactively.
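To support the monitoring and NTP-configuration review recommendations above, here is an added detection example that is not part of the advisory or of any PTZOptics tooling. It scans web-access-style log lines for requests to the cgi-bin/param.cgi?post_network_other_conf endpoint and flags those whose ntp_addr parameter carries shell metacharacters. The log format and the assumption that ntp_addr travels as a query parameter are constructed for the example; adapt the parser to whatever the device or a reverse proxy in front of it actually logs.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (combined-log style); not real device logs.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2024:10:01:02 +0000] "GET /cgi-bin/param.cgi?get_device_conf HTTP/1.1" 200 512
10.0.0.7 - - [12/Oct/2024:10:01:09 +0000] "GET /cgi-bin/param.cgi?post_network_other_conf&ntp_addr=pool.ntp.org HTTP/1.1" 200 20
203.0.113.9 - - [12/Oct/2024:10:02:44 +0000] "GET /cgi-bin/param.cgi?post_network_other_conf&ntp_addr=10.0.0.1%3Buname%20-a HTTP/1.1" 200 20
"""

# Source address, HTTP method and request target from a combined-log style line.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Characters that have no business in a hostname or IP literal but mean something to a shell.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

TARGET_PATH = "/cgi-bin/param.cgi"
TARGET_ACTION = "post_network_other_conf"


def parse_request(line: str) -> Optional[Dict[str, object]]:
    """Split one log line into source, method, path and decoded query parameters."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # keep_blank_values keeps the bare action name (no "=") as a key.
    query = parse_qs(parts.query, keep_blank_values=True)
    return {"src": m.group("src"), "method": m.group("method"),
            "path": parts.path, "query": query}


def classify(line: str) -> Optional[str]:
    """None for unrelated requests, 'config-write' for a post_network_other_conf
    request whose ntp_addr is clean, 'suspicious' when it contains shell metacharacters."""
    req = parse_request(line)
    if req is None or not str(req["path"]).endswith(TARGET_PATH):
        return None
    query = req["query"]  # type: ignore[assignment]
    if TARGET_ACTION not in query:
        return None
    for value in query.get("ntp_addr", []):
        if SHELL_META.search(value):
            return "suspicious"
    return "config-write"


def scan(log_text: str) -> List[Tuple[str, str]]:
    """Return (source, verdict) for every line that touches the network config endpoint."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict is not None:
            src = parse_request(line)["src"]  # type: ignore[index]
            findings.append((str(src), verdict))
    return findings


if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_LOG):
        print(f"{src}: {verdict}")
```

Any "config-write" hit is worth reviewing too, since on unpatched firmware the endpoint can be reached without authentication: a legitimate NTP change normally comes from a known management host, so a write from an unexpected source is a finding even when the value itself looks clean.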