CVE-2024-41988
Missing Authentication for Critical Function (CWE-306)
Summary
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
Impact
This vulnerability has a critical severity with a CVSS v4 base score of 9.3. The impact is severe as it allows an attacker to: 1. Upload malicious binary images to the MPFS File System without authentication. 2. Overwrite the flash program memory containing the web server's main interfaces. 3. Execute arbitrary code on the affected system. This can lead to complete compromise of the TEM Opera Plus FM Family Transmitter, potentially allowing an attacker to take full control of the device, manipulate its functionality, and use it as a foothold for further network attacks.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
As of the provided information, there is no mention of an available patch. The security team should immediately check with the vendor (TEM) for any available updates or patches for the Opera Plus FM Family Transmitter.
Mitigation
Until a patch is available, consider the following mitigation strategies: 1. Network Isolation: Restrict network access to the TEM Opera Plus FM Family Transmitter. Only allow connections from trusted IP addresses and networks. 2. Firewall Rules: Implement strict firewall rules to block unauthorized access to the unprotected endpoint. 3. Monitoring: Implement robust logging and monitoring for any suspicious activities or unauthorized access attempts to the device. 4. Regular Audits: Conduct frequent security audits of the device configuration and installed firmware. 5. Least Privilege: Ensure that all user accounts and services associated with the transmitter follow the principle of least privilege. 6. Physical Security: If possible, implement physical security measures to prevent unauthorized access to the device. 7. Backup: Regularly backup the device configuration and critical data to enable quick recovery in case of a compromise. 8. Vendor Communication: Maintain regular contact with TEM for updates on patches or additional mitigation strategies they may recommend.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
Feedly found the first article mentioning CVE-2024-41988. See article
Feedly estimated the CVSS score as HIGH
NVD published the first details for CVE-2024-41988
A CVSS base score of 9.3 has been assigned.
EPSS Score was set to: 0.04% (Percentile: 9.6%)