Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
The vulnerability results from the use of outdated UI library components (CWE-1104 — Use of Unmaintained Third-Party Components) in the BLU-IC2 and BLU-IC4 device software. Such components may contain known security vulnerabilities that have not been patched by the manufacturer and can be exploited remotely without requiring authentication. The attack vector indicates that the exploit can be conducted over the network without user interaction and without required privileges.
Successful exploitation of the vulnerability may allow an attacker to gain full control of the device, and potentially compromise the confidentiality, integrity, and availability of both the device itself and associated systems.
Patches available from the manufacturer should be applied in accordance with references published on https://azure-access.com/security-advisories. It is recommended to update device software to version 1.19.5 or above immediately.
Azure-Access BLU-IC2 in versions up to and including 1.19.5, and Azure-Access BLU-IC4 in versions up to and including 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAzure Access Blu Ic2
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic2 Firmware
OSAzure-Access< 1.20Azure Access Blu Ic4
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic4 Firmware
OSAzure-Access< 1.20
Related vulnerabilities
Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4
Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4
Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4
Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4
Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4