Carrier’s Industrial Access Control System has Critical Flaws

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Carrier’s LenelS2 HID Mercury access control system, which is widely used in healthcare, academic, transport, and federal buildings, has eight zero-day vulnerabilities.
In a report shared by The Hacker News, Trellix security experts Steve Povolny and Sam Quinn wrote, “The vulnerabilities found enabled us to demonstrate the ability to remotely open and lock doors, manipulate alarms, and degrade logging and notification systems.”
The investigation began at the hardware level: the researchers were able to change onboard components and connect to the device by using the manufacturer’s built-in ports.
Using a combination of known and unique techniques, they gained root access to the device’s operating system and extracted its firmware in order to virtualize it and search for vulnerabilities or other exploits. One of the issues (CVE-2022-31481) is an unauthorized remote execution weakness with a CVSS severity rating of 10 out of 10. The following is the detailed list of flaws:
  • Unauthenticated command injection vulnerability CVE-2022-31479. 
  • Unauthenticated denial-of-service vulnerability CVE-2022-31480.
  • CVSS 10 rated RCE vul
