CVE-2022-40187 Forescout's Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled.

In addition to TCF, Foresight devices are vulnerable to other issues. The Foresight devices ship with many default credentials that could be exploited by an attacker. Some of the credentials that ship with the device include the default password for SSH, accounts with admin privileges, and the administrator’s email address. Foresight devices also ship with a hardcoded password for the default SSH login. This password is “admin”. Foresight devices do not ship with a password change function, making it trivial for an attacker to change the root password. Foresight does not ship with a weak password policy, making it trivial for an attacker to change the root password. Foresight devices ship with the “admin” SSH password, making it trivial for an attacker to gain root access to the device. Foresight devices do not ship with remote-login capabilities, making it trivial for an attacker to gain remote administrative access to the device. Foresight devices do not ship with a feature that prompts the user before they type in their root password, making it trivial for an attacker to gain administrative access to the device. Foresight devices do not ship with a password change function, making it trivial for an attacker to change the root password. Foresight devices do not ship with a weak password policy, making it trivial for an attacker to change the root password. Foresight devices do not ship with a remote-login capability, making it trivial for

Foresight Devices are vulnerable to the following vulnerabilities

Foresight devices are vulnerable to the following vulnerabilities:
1) CVE-2022-40187: Foresight devices do not ship with a feature that prompts the user before they type in their root password, making it trivial for an attacker to gain administrative access to the device.
2) CVE-2020-7850: Foresight devices are vulnerable to brute force attacks because they do not ship with remote-login capabilities.
3) CVE-2019-3475: Foresight devices don’t include a password change function, making it trivial for an attacker to change the root password.

Vulnerability Symptoms and Analysis

It is trivial to gain root access to the device as it doesn’t ship with remote-login capabilities. An attacker can make malicious changes by changing the default SSH password to something that makes sense and then changing the root password. Changes like that can allow an attacker to take control of the device, including unauthorized remote access and uploading malicious code.
Vulnerabilities in Foresight devices could lead to a wide range of problems for an unsuspecting business. It is also important to note that these vulnerabilities exist because of Foresight’s use of default credentials as well as other security misconfigurations.

Timeline

Published on: 10/13/2022 01:15:00 UTC
Last modified on: 10/14/2022 19:59:00 UTC

References

• https://www.foresightsports.com/gc3
• https://www.bushnellgolf.com/products/launch-monitors/launch-pro/
• https://wiki.eclipse.org/TCF
• https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40187