Executive Summary

Summary
Title: Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

Information
Name: VU#820196
First vendor Publication: 2016-01-04
Vendor: VU-CERT
Last vendor Modification: 2016-01-04
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact Sub Score: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector:
Cvss Base Score: Not Defined
Attack Range: Not Defined
Cvss Impact Score: Not Defined
Attack Complexity: Not Defined
Cvss Exploit Score: Not Defined
Authentication: Not Defined

Detail

Vulnerability Note VU#820196

Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

Original Release date: 04 Jan 2016 | Last revised: 04 Jan 2016

Overview

Furuno Voyage Data Recorder (VDR) VR-3000/VR-3000S and VR-7000 moduleserv firmware update utility fails to properly sanitize user-provided input and is vulnerable to arbitrary command execution with root privileges.

Description

According to the Furuno VDR product page, the VDR "records all crucial data to identify the cause of maritime casualty as well as contribute to the future prevention of the catastrophe of any kind."

Multiple versions of Furuno VDR VR-3000/VR-3000S and VR-7000 contain a firmware update utility called moduleserv that listens on TCP port 10110. The moduleserv service fails to properly sanitize user-provided input, which an unauthenticated attacker may leverage to execute arbitrary commands with root privileges. For more information, refer to the blog post by IOActive.

Impact

An unauthenticated attacker with network access to affected devices can execute arbitrary commands with root privileges.

Solution

Apply an update

The vendor has released updates to address this vulnerability. Updates should be applied as follows.

For the VR-3000/VR-3000S:

  • V1.50 through V1.54 should be updated to V1.56
  • V1.61 should be updated to V1.62
  • V2.06 through V2.54 should be updated to V2.56
  • V2.60 through V2.61 should be updated to V2.62

For the VR-7000:

  • V1.02 should be updated to V1.04
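
The update list above can be applied to a fleet inventory mechanically. The following is an added example, not part of the original advisory or any vendor tooling: it maps a recorder's model and firmware version to the target version listed above. The inventory, vessel names and status labels are constructed for illustration, and a version that is not listed is reported as such rather than assumed safe.

```python
import re

# Update matrix transcribed from the advisory: (family, first, last, fixed).
UPDATE_MATRIX = [
    ("VR-3000", (1, 50), (1, 54), "V1.56"),  # list also covers VR-3000S
    ("VR-3000", (1, 61), (1, 61), "V1.62"),
    ("VR-3000", (2, 6), (2, 54), "V2.56"),
    ("VR-3000", (2, 60), (2, 61), "V2.62"),
    ("VR-7000", (1, 2), (1, 2), "V1.04"),
]

def parse_version(text):
    """'V2.06' -> (2, 6). Two minor digits are required, so 'V2.6' is rejected
    (it could mean 2.06 or 2.60) and returns None."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d{2})\s*", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(model, version):
    """Return (status, target_version) for one recorder."""
    model = model.strip().upper()
    family = "VR-3000" if model == "VR-3000S" else model
    rows = [r for r in UPDATE_MATRIX if r[0] == family]
    ver = parse_version(version)
    if ver is None or not rows:
        return ("unrecognised", None)      # needs a manual check
    for _, first, last, fixed in rows:
        if first <= ver <= last:
            return ("update", fixed)
    if any(parse_version(fixed) == ver for _, _, _, fixed in rows):
        return ("fixed", None)
    # The advisory does not state that unlisted versions are unaffected.
    return ("not-listed", None)

# Constructed sample inventory; vessel names are hypothetical.
INVENTORY = [
    ("Vessel A", "VR-3000", "V1.54"),
    ("Vessel B", "VR-3000S", "V2.30"),
    ("Vessel C", "VR-7000", "V1.04"),
    ("Vessel D", "VR-3000", "V2.58"),
    ("Vessel E", "VR-7000", "V1.2"),
]

def report(inventory):
    return {name: triage(model, ver) for name, model, ver in inventory}

if __name__ == "__main__":
    for name, (status, target) in report(INVENTORY).items():
        print(f"{name}: {status}" + (f" -> {target}" if target else ""))
```

Recorders reported as "not-listed" or "unrecognised" still need to be checked against the vendor's guidance, since the advisory only says that multiple versions are affected.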

Vendor Information

Vendor: Furuno
Status: Affected
Date Notified: -
Date Updated: 22 Dec 2015

CVSS Metrics

Group          Score  Vector
Base           8.3    AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal       6.2    E:POC/RL:OF/RC:UR
Environmental  1.8    CDP:LM/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://www.furuno.com/en/merchant/vdr/
  • http://blog.ioactive.com/2015/12/maritime-security-hacking-into-voyage.html

Credit

Thanks to Ruben Santamarta of IOActive for reporting this vulnerability. Thanks to JPCERT/CC for coordinating with the vendor.

This document was written by Joel Land.

Other Information

  • CVE IDs: Unknown
  • Date Public: 04 Jan 2015
  • Date First Published: 04 Jan 2016
  • Date Last Updated: 04 Jan 2016
  • Document Revision: 24

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/820196

Alert History

Date                 Information
2016-01-04 17:23:31  First insertion