Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow the execution of arbitrary operating system (OS) commands.
The vulnerability, tracked as CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.
“A weakness in the Nortek Linear eMerge E3 enables distant unauthenticated attackers to make the device execute arbitrary command,” SSD Disclosure stated in an advisory for the flaw that was made public late the previous month, noting that the vendor has yet to supply a fix or a workaround.
The flaw affects the following versions of Nortek Linear eMerge E3 Access Control: 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07.
Proof-of-concept (PoC) exploits for the flaw have been released following public disclosure, raising concerns that it could be exploited by threat actors.
The earlier flaw, CVE-2019-7256, was used by a threat actor identified as Flax Typhoon to enlist vulnerable devices into the now-defunct Raptor Train botnet.
Despite being first disclosed in May 2019, the flaw was not fixed by the company until earlier this March.
“However, considering the slow reaction from the provider to the preceding CVE-2019-7256, we do not anticipate a solution for CVE-2024-9441 anytime soon,” Jacob Baines from VulnCheck stated. “Enterprises utilizing the Linear Emerge E3 series should promptly take these devices offline or segregate them.”
In a statement shared with SSD Disclosure, Nice recommends that customers follow security best practices, including enforcing network segmentation, restricting access to the product from the internet, and placing it behind a network firewall.


