CVE-2024-55447: Access Control in Paxton Net2 software (update)
这篇文章披露了Paxton Net2软件中的严重安全漏洞(CVE-2024-55447),可能导致个人身份信息泄露和访问控制问题。攻击者可通过MSSQL单用户模式获取数据库管理员权限,克隆门禁卡并篡改审计日志。厂商尚未修复该漏洞,建议限制对运行Net2软件的计算机的本地访问权限以降低风险。 2025-2-11 03:50:19 Author: seclists.org(查看原文) 阅读量:15 收藏
这篇文章披露了Paxton Net2软件中的严重安全漏洞(CVE-2024-55447),可能导致个人身份信息泄露和访问控制问题。攻击者可通过MSSQL单用户模式获取数据库管理员权限,克隆门禁卡并篡改审计日志。厂商尚未修复该漏洞,建议限制对运行Net2软件的计算机的本地访问权限以降低风险。 2025-2-11 03:50:19 Author: seclists.org(查看原文) 阅读量:15 收藏
Full Disclosure mailing list archives
From: Jeroen Hermans via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 10 Feb 2025 23:21:18 +0100
CloudAware Security AdvisoryCVE-2024-55447: Potential PII leak and incorrect access control in Paxton Net2 software
======================================================================== Summary ======================================================================== Insecure backend database in the Paxton Net2 software. Possible leaking of PII incorrect access control. Access cards can be cloned without physical access to the original card. Audit log integrity compromised. No physical access to computer running Paxton Net2 is required. ======================================================================== Product ======================================================================== * Paxton Net2 (all current versions) ======================================================================== Detailed description ========================================================================By exploiting MSSQL single user mode it is possible to gain administrator rights to the Net2 database. In this database plaintext PIN codes for building entrance can be found and changed. It is also possible to add users to the system and enable/disable users in the system. By reading tables in the MSSQL table PII is leaked. Apart from the PII in plaintext in the database, card data is also stored unencrypted in the database. Using the data in the database cards can be cloned without having the original card if a Mifare or multi-protocol
reader is used for building entrance.The above vulnerabilities are also relevant for the integrity of the audit logs in Paxton Net2 software. These audit logs should never be used as forensic data. Not only is it possible cards are cloned, but audit log data can be
manipulated directly in the database tables.In order to gain access local access to the computer running Net2 is necessary, but this can also be over a network
using e.g. Anydesk which makes physical access not necessary.The vendor has not acknowledged the vulnerability after contact. There is no fix planned.
======================================================================== Solution ========================================================================As the vendor has not acknowledged the vulnerability there is no effective remediation for this vulnerability. The most effective measure at this moment is closely monitoring who has local access to the machine running the Net2
software. ======================================================================== Mitigation ========================================================================There is no known effective mitigation. Limiting who has local access to the machine running the Net2 software seems
the most effective measure. Card cloning can be mitigated by not using ======================================================================== Weblinks ======================================================================== - https://github.com/gitaware/CVE/tree/main/CVE-2024-55447 - https://seclists.org/fulldisclosure/2024/Dec/0 - exploit github available to help with mitigation ======================================================================== Discoverers ======================================================================== Jeroen Hermans, CloudAware j.hermans[at]cloudaware[dot]eu Emiel van Berlo, Danego emiel[at]danego[dot]nl ======================================================================== History ======================================================================== nov 12 2024: Requested latest Net2 software from Paxtonnov 26, 2024: Obtained latest Net2 software from other source than manufacturer
nov 26, 2024: Informed Paxton about vulnerability nov 27, 2024: Release of exploit codedec 2, 2024: Refused CVE reservation by Paxton & request of CVE reservation directly at Mitre
feb 10, 2025: CVE Assigned via Mitre
Attachment:
OpenPGP_0x52DD23305307A27C.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- CVE-2024-55447: Access Control in Paxton Net2 software (update) Jeroen Hermans via Fulldisclosure (Feb 10)
文章来源: https://seclists.org/fulldisclosure/2025/Feb/6
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh