JVN#83440451
Multiple Safie products vulnerable to improper server certificate verification
Overview
Multiple Safie products are vulnerable to improper server certificate verification.
Products Affected
- QBiC CLOUD CC-2L v1.1.30 and earlier
- Safie One v1.8.2 and earlier
Description
Multiple Safie products are vulnerable to improper server certificate verification (CWE-295).
The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the device-specific information. The user who has obtained the device-specific information can directly operate the device (even if it is not owned by the user).
Impact
A man-in-the-middle attack may allow an attacker to obtain and/or alter communications of the affected product, resulting in arbitrary OS command execution.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
In addition to the update for the affected products, a security measure is deployed on the cloud server side on July 24, 2024.
Vendor Status
| Vendor | Link |
| Safie Inc. | Security Update Notification (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Comment
This analysis chooses AV:A assuming a situation where a man-in-the-middle attack is carried out by an attacker who is within the range of Bluetooth or wireless LAN signals.
Credit
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2024-39771 |
| JVN iPedia |
JVNDB-2024-000086 |
Update History
- 2024/08/29
- Information under the section [Impact] was updated