CVE-2022-31269: Nortek eMerge E3-Series devices place admin credentials in a file, which can be used to open doors.

In a further example, if a location uses a remote access solution and the solution has been configured to allow SSH access, an attacker may be able to remotely access the building's doors via the eMerge E3-Series devices. Cisco recommends that all end users change the default admin credentials for the devices to something more secure. In addition to changing the admin credentials, end users should ensure that the SSH port on the eMerge E3-Series devices is not left open. Cisco also recommends that remote access be disabled for devices that are not required.

Cisco Emergency Responder for Industrial Control Systems

The Cisco Emergency Responder for Industrial Control Systems provides a security solution for industrial control systems (ICS). It works by scanning the network, identifying potential threats and analyzing data, and then protecting your environment from those threats. In addition to providing protection from external threats, this solution can also provide emergency response capabilities. The Cisco Emergency Responder for Industrial Control Systems is available through subscription licensing or an appliance-based deployment.

Check if you are vulnerable

If you are using eMerge E3-Series devices, Cisco's security advisory recommends that you change the admin credentials and ensure that the SSH port is not left open. If you are unsure whether your organization is using these devices, Cisco suggests contacting your network administrator for more information.

Cisco has released a security advisory to help organizations identify and avoid potential vulnerabilities in their remote access solution. The key to avoiding exploitation of these vulnerabilities is to be aware of which devices are running the software and to configure them appropriately. For example, if an organization uses eMerge E3-Series devices, Cisco's security advisory recommends changing the default admin credentials as well as ensuring that the SSH port is not left open.

Cisco NGIPS Software Release

The Cisco NGIPS software release for the CVE-2022-31269 vulnerability is available for download from the following location:
http://specials.cisco.com/downloads/release.html?mdfid=280084357&flowid=27375&softwareid=280084359&releasetype=final

Potential Solution and Mitigation Strategies

Cisco has provided the following mitigation strategies.
- Change the default admin credentials for the devices to something more secure.
- Ensure that the SSH port is not left open.
- Disable remote access for devices that are not required.

Timeline

Published on: 08/25/2022 22:15:00 UTC
Last modified on: 09/02/2022 20:32:00 UTC
