JVN#41397971
Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software
Overview
IX SYSTEM, IXG SYSTEM, and System Support Software provided by AIPHONE CO., LTD. contain multiple vulnerabilities.
Products Affected
CVE-2024-31408, CVE-2024-39290
- IX SYSTEM
  - IX-MV firmware Ver.7.10 and earlier
  - IX-MV7-HB firmware Ver.7.10 and earlier
  - IX-MV7-HBT firmware Ver.7.10 and earlier
  - IX-MV7-HW firmware Ver.7.10 and earlier
  - IX-MV7-HWT firmware Ver.7.10 and earlier
  - IX-MV7-HW-JP firmware Ver.7.10 and earlier
  - IX-MV7-B firmware Ver.7.10 and earlier
  - IX-MV7-BT firmware Ver.7.10 and earlier
  - IX-MV7-W firmware Ver.7.10 and earlier
  - IX-MV7-WT firmware Ver.7.10 and earlier
  - IX-DA firmware Ver.7.10 and earlier
  - IX-DAU firmware Ver.7.10 and earlier
  - IX-DB firmware Ver.7.10 and earlier
  - IX-DBT firmware Ver.7.10 and earlier
  - IX-EA firmware Ver.7.10 and earlier
  - IX-EAT firmware Ver.7.10 and earlier
  - IX-EAU firmware Ver.7.10 and earlier
  - IX-DV firmware Ver.7.11 and earlier
  - IX-DVT firmware Ver.7.11 and earlier
  - IX-DVF firmware Ver.7.11 and earlier
  - IX-DVF-P firmware Ver.7.11 and earlier
  - IX-DVF-L firmware Ver.7.11 and earlier
  - IX-DVM firmware Ver.7.10 and earlier
  - IX-DU firmware Ver.7.11 and earlier
  - IX-DVF-RA firmware Ver.7.11 and earlier
  - IX-DVF-2RA firmware Ver.7.11 and earlier
  - IX-BA firmware Ver.7.10 and earlier
  - IX-BAU firmware Ver.7.10 and earlier
  - IX-BB firmware Ver.7.10 and earlier
  - IX-BBT firmware Ver.7.10 and earlier
  - IX-FA firmware Ver.7.10 and earlier
  - IX-SSA firmware Ver.7.11 and earlier
  - IX-SS-2G firmware Ver.7.10 and earlier
  - IX-SS-2GT firmware Ver.7.10 and earlier
  - IX-SS-2G-N firmware Ver.7.10 and earlier
  - IX-BU firmware Ver.7.11 and earlier
  - IX-SSA-RA firmware Ver.7.11 and earlier
  - IX-SSA-2RA firmware Ver.7.11 and earlier
  - IX-RS-B firmware Ver.7.10 and earlier
  - IX-RS-BT firmware Ver.7.10 and earlier
  - IX-RS-W firmware Ver.7.10 and earlier
  - IX-RS-WT firmware Ver.7.10 and earlier
  - IXW-MA firmware Ver.7.10 and earlier
  - IX-SPMIC firmware Ver.7.10 and earlier
- IXG SYSTEM
  - IXG-2C7 firmware Ver.3.01 and earlier
  - IXG-2C7-L firmware Ver.3.01 and earlier
  - IXG-DM7 firmware Ver.3.00 and earlier
  - IXG-DM7-HID firmware Ver.3.00 and earlier
  - IXG-DM7-HIDA firmware Ver.3.00 and earlier
  - IXG-DM7-10K firmware Ver.3.00 and earlier
  - IXG-MK firmware Ver.3.00 and earlier
  - IXGW-GW firmware Ver.3.01 and earlier
  - IXGW-TGW firmware Ver.3.01 and earlier
  - IXGW-LC firmware Ver.3.00 and earlier
- IX SYSTEM
  - IX-MV firmware Ver.7.30 and earlier
  - IX-MV7-HB firmware Ver.7.31 and earlier
  - IX-MV7-HBT firmware Ver.7.31 and earlier
  - IX-MV7-HW firmware Ver.7.31 and earlier
  - IX-MV7-HWT firmware Ver.7.31 and earlier
  - IX-MV7-HW-JP firmware Ver.7.31 and earlier
  - IX-MV7-B firmware Ver.7.31 and earlier
  - IX-MV7-BT firmware Ver.7.31 and earlier
  - IX-MV7-W firmware Ver.7.31 and earlier
  - IX-MV7-WT firmware Ver.7.31 and earlier
  - IX-DA firmware Ver.7.30 and earlier
  - IX-DAU firmware Ver.7.30 and earlier
  - IX-DB firmware Ver.7.30 and earlier
  - IX-DBT firmware Ver.7.30 and earlier
  - IX-EA firmware Ver.7.30 and earlier
  - IX-EAT firmware Ver.7.30 and earlier
  - IX-EAU firmware Ver.7.30 and earlier
  - IX-DV firmware Ver.7.30 and earlier
  - IX-DVT firmware Ver.7.30 and earlier
  - IX-DVF firmware Ver.7.30 and earlier
  - IX-DVF-P firmware Ver.7.30 and earlier
  - IX-DVF-L firmware Ver.7.30 and earlier
  - IX-DVM firmware Ver.7.30 and earlier
  - IX-DU firmware Ver.7.30 and earlier
  - IX-DVF-RA firmware Ver.7.30 and earlier
  - IX-DVF-2RA firmware Ver.7.30 and earlier
  - IX-BA firmware Ver.7.30 and earlier
  - IX-BAU firmware Ver.7.30 and earlier
  - IX-BB firmware Ver.7.30 and earlier
  - IX-BBT firmware Ver.7.30 and earlier
  - IX-FA firmware Ver.7.30 and earlier
  - IX-SSA firmware Ver.7.30 and earlier
  - IX-SS-2G firmware Ver.7.30 and earlier
  - IX-SS-2GT firmware Ver.7.30 and earlier
  - IX-SS-2G-N firmware Ver.7.30 and earlier
  - IX-BU firmware Ver.7.30 and earlier
  - IX-SSA-RA firmware Ver.7.30 and earlier
  - IX-SSA-2RA firmware Ver.7.30 and earlier
  - IX-RS-B firmware Ver.7.30 and earlier
  - IX-RS-BT firmware Ver.7.30 and earlier
  - IX-RS-W firmware Ver.7.30 and earlier
  - IX-RS-WT firmware Ver.7.30 and earlier
  - IXW-MA firmware Ver.7.30 and earlier
  - IX-SPMIC firmware Ver.7.30 and earlier
- IXG SYSTEM
  - IXG-2C7 firmware Ver.3.01 and earlier
  - IXG-2C7-L firmware Ver.3.01 and earlier
  - IXG-DM7 firmware Ver.3.00 and earlier
  - IXG-DM7-HID firmware Ver.3.00 and earlier
  - IXG-DM7-HIDA firmware Ver.3.00 and earlier
  - IXG-DM7-10K firmware Ver.3.00 and earlier
  - IXG-MK firmware Ver.3.00 and earlier
  - IXGW-GW firmware Ver.3.01 and earlier
  - IXGW-TGW firmware Ver.3.01 and earlier
  - IXGW-LC firmware Ver.3.00 and earlier
- System Support Software
  - IX-SupportTool Ver.10.3.0.0 and earlier
  - IXG-SupportTool Ver.5.0.2.0 and earlier
- IXG SYSTEM
  - IXG-2C7 firmware Ver.2.03 and earlier
  - IXG-2C7-L firmware Ver.2.03 and earlier
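Several models appear in the list above under more than one "and earlier" threshold, and the vendor's two-digit minor numbers (7.9 versus 7.10) defeat a plain string comparison. The following Python is an added example, not AIPHONE or JVN tooling: it checks a constructed device inventory against a hand-transcribed excerpt of the list (the AFFECTED dictionary and the INVENTORY rows are assumptions built for the example, not the full advisory), keeping the highest threshold for a model that is listed more than once.

```python
"""Affected-firmware check against the product list in JVN#41397971.

Added example, not vendor tooling. AFFECTED is a hand-transcribed excerpt of
the advisory's Products Affected list; where the advisory lists a model under
more than one version threshold, the highest threshold is kept, since a device
at or below it is affected by at least one of the CVEs.
"""
import csv
import io
import re

# Model -> highest "and earlier" version in the advisory (excerpt, not the full list).
AFFECTED = {
    "IX-MV7-HB": "7.31",
    "IX-DV": "7.30",
    "IXG-2C7": "3.01",
    "IXG-DM7": "3.00",
    "IX-SupportTool": "10.3.0.0",
}

VERSION_RE = re.compile(r"^(?:Ver\.?\s*)?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> tuple:
    """Turn 'Ver.7.10' or '7.10' into a tuple of ints.

    Comparing tuples avoids the string-comparison trap where '7.9' > '7.30'.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(model: str, version: str):
    """True/False for a listed model; None when the model is not in AFFECTED."""
    threshold = AFFECTED.get(model.strip())
    if threshold is None:
        return None
    return parse_version(version) <= parse_version(threshold)


def scan_inventory(csv_text: str):
    """Return (affected, unknown) from 'model,firmware' CSV rows."""
    affected, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        verdict = is_affected(row["model"], row["firmware"])
        if verdict is None:
            unknown.append(row["model"])
        elif verdict:
            affected.append((row["model"], row["firmware"]))
    return affected, unknown


# Constructed sample inventory (not real devices); the 7.9 row is the case a
# naive string comparison would wrongly clear.
INVENTORY = """\
model,firmware
IX-MV7-HB,Ver.7.31
IX-MV7-HB,Ver.7.32
IX-DV,Ver.7.9
IXG-2C7,Ver.2.03
IXG-DM7,Ver.3.10
IX-UNKNOWN,Ver.1.0
"""

if __name__ == "__main__":
    hits, unknown = scan_inventory(INVENTORY)
    for model, fw in hits:
        print(f"UPDATE NEEDED: {model} {fw} (affected up to Ver.{AFFECTED[model]})")
    for model in unknown:
        print(f"not in advisory excerpt: {model}")
```

A model that is absent from the excerpt is reported separately rather than treated as safe, so gaps in the transcription surface as work items instead of silent passes.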
Description
AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System.
IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below.
- OS command injection (CWE-78)
  - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0
  - CVE-2024-31408
- Insufficiently protected credentials (CWE-522)
  - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5
  - CVE-2024-39290
- Use of hard-coded cryptographic key (CWE-321)
  - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score 5.4
  - CVE-2024-45837
- Insufficiently protected credentials (CWE-522)
  - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score 5.5
  - CVE-2024-47142
Impact
- A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request (CVE-2024-31408)
- A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book (CVE-2024-39290)
- A network-adjacent unauthenticated attacker may log in to the SFTP service and obtain and/or manipulate unauthorized files (CVE-2024-45837)
- A network-adjacent authenticated attacker may perform unintended operations (CVE-2024-47142)
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Vera Mens of Claroty Research - Team82 reported these vulnerabilities to AIPHONE CO., LTD. and coordinated.
After the coordination was completed, AIPHONE CO., LTD. reported this case to IPA to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.
Other Information
JPCERT Alert |
JPCERT Reports |
CERT Advisory |
CPNI Advisory |
TRnotes |
CVE | CVE-2024-31408, CVE-2024-39290, CVE-2024-45837, CVE-2024-47142
JVN iPedia | JVNDB-2024-000106
Update History
- 2024/11/21
- The CWE for CVE-2024-47142 was updated from CWE-284 to CWE-522.