Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
The vulnerability classified as CWE-321 (Use of Hard-coded Cryptographic Key) consists in the fact that all instances of BLU-IC2 and BLU-IC4 devices possess identical cryptographic secrets hardcoded in the firmware used for authentication or encryption of communication on TCP port 5000 (SDKSocket). An attacker who obtains knowledge of these secrets (for example through analysis of the firmware of one device) can impersonate an authorized client or decrypt network traffic of any other device from the same product line. The attack vector is network-based, requires no authentication or user interaction.
An attacker with network access to TCP port 5000 can gain full control over the device and potentially over systems associated with it, which includes violation of confidentiality, integrity, and availability of both the device itself and the systems communicating with it.
Patches available from the manufacturer should be applied according to the references (https://azure-access.com/security-advisories). Until updates are applied, it is recommended to block access to TCP port 5000 at the firewall level and restrict network access to devices only to trusted hosts.
Azure-Access BLU-IC2 in all firmware versions up to and including 1.19.5 and Azure-Access BLU-IC4 in all firmware versions up to and including 1.19.5.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAzure Access Blu Ic2
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic2 Firmware
OSAzure-Access< 1.20Azure Access Blu Ic4
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic4 Firmware
OSAzure-Access< 1.20
Related vulnerabilities
Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4
Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4
Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4
Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4
Systemiczne błędy wewnętrzne serwera (HTTP 500) w Azure-Access BLU-IC2 i BLU-IC4