CRITICAL🇵🇱 Wersja polska

CVE-2025-12423

CVSS 10.0v4.0pub. 2025-10-28upd. 2025-11-07

Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .

🤖 AI Analysis
How it works

An attacker can remotely send crafted data or protocol requests to the vulnerable device, leading to its malfunction or complete downtime. The attack requires no privileges, user interaction, or additional conditions on the attacker's side. The vulnerability is classified as CWE-248, indicating an unhandled exception that can be triggered externally.

Impact

An attacker can render the device unavailable (denial of service), interrupting its operation and potentially disrupting physical access control or other critical functions supported by these devices.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references published at https://azure-access.com/security-advisories. Until updates are applied, it is recommended to restrict network access to BLU-IC2 and BLU-IC4 devices, for example through network segmentation or by implementing firewall rules blocking unauthorized traffic.

Who is affected

Azure-Access BLU-IC2 in all versions up to and including 1.19.5, and Azure-Access BLU-IC4 in all versions up to and including 1.19.5 (device firmware and software).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4