One2Track 2019-12-08 Missing PIN
[Suggested description]An issue was discovered on One2Track 2019-12-08 devices.
Any SIM card used with the device
cannot have a PIN configured. If a PIN is configured, the device simply produces a
“Remove PIN and restart!” message, and cannot be used. This makes it easier for
an attacker to use the SIM card by stealing the device.
Any SIM card used with the device
cannot have a PIN configured. If a PIN is configured, the device simply produces a
“Remove PIN and restart!” message, and cannot be used. This makes it easier for
an attacker to use the SIM card by stealing the device.
——————————————
[VulnerabilityType Other]recommendation to disable common security measures——————————————
[Vendor of Product]One2Track——————————————
[Affected Product Code Base]One2Track – up to-date version as of 12-8-2019 (no exact version number)——————————————
[Affected Component]SIM card security PIN——————————————
[Attack Type]Physical——————————————
[CVE Impact Other]recommendation to disable common security measures——————————————
[Attack Vectors]Local——————————————
[Has vendor confirmed or acknowledged the vulnerability?]true——————————————
[Discoverer]Dennis van Warmerdam, Jim Blankendaal, Jasper Nota——————————————
[Reference]https://www.one2track.nlUse CVE-2019-20472.
آسیبپذیریهای جدید و وصلههای امنیتی بهصورت مداوم منتشر میشوند و عدم بروزرسانی بهموقع میتواند امنیت سرویسهای حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرمافزارها، نصب Patchهای امنیتی و سختسازی سرورها است.
خدمات مدیریت و امنیت سرور