[Japanese]

JVNDB-2024-000106

Multiple vulnerabilities in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software

Overview

AIPHONE IX SYSTEM is an IP Network Audio-Video Intercom and IXG SYSTEM is an IP-based Residential System.
IX SYSTEM, IXG SYSTEM, and System Support Software contain multiple vulnerabilities listed below.


  • OS command injection (CWE-78) - CVE-2024-31408

  • Insufficiently protected credentials (CWE-522) - CVE-2024-39290

  • Use of hard-coded cryptographic key (CWE-321) - CVE-2024-45837

  • Improper access control (CWE-522) - CVE-2024-47142



Vera Mens of Claroty Research - Team82 reported these vulnerabilities to AIPHONE CO., LTD. and coordinated.
After the coordination was completed, AIPHONE CO., LTD. reported this case to IPA to notify users of the solution through JVN. JPCERT/CC coordinated with the developer for the publication.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.0 (High) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2024-31408

CVSS V3 Severity:
Base Metrics 6.5 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-39290

CVSS V3 Severity:
Base Metrics 5.4 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-45837

CVSS V3 Severity:
Base Metrics 5.5 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-47142
Affected Products


AIPHONE CO., LTD.
  • IX-SupportTool Ver.10.3.0.0 and earlier (CVE-2024-45837)
  • IXG-SupportTool Ver.5.0.2.0 and earlier (CVE-2024-45837)
  • IX-BA firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-BA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-BAU firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-BAU firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-BB firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-BB firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-BBT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-BBT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-BU firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-BU firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DA firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DAU firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DAU firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DB firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DB firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DBT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DBT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DU firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DU firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DV firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DV firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVF firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVF firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVF-2RA firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVF-2RA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVF-L firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVF-L firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVF-P firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVF-P firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVF-RA firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVF-RA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVM firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVM firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-DVT firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-DVT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-EA firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-EA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-EAT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-EAT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-EAU firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-EAU firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-FA firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-FA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-MV firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-MV7-B firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-B firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-BT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-BT firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-HB firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-HB firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-HBT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-HBT firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-HW firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-HW firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-HW-JP firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-HW-JP firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-HWT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-HWT firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-W firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-W firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-MV7-WT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-MV7-WT firmware Ver.7.31 and earlier (CVE-2024-45837)
  • IX-RS-B firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-RS-B firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-RS-BT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-RS-BT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-RS-W firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-RS-W firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-RS-WT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-RS-WT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SPMIC firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SPMIC firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SS-2G firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SS-2G firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SS-2G-N firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SS-2G-N firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SS-2GT firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SS-2GT firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SSA firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SSA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SSA-2RA firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SSA-2RA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IX-SSA-RA firmware Ver.7.11 and earlier (CVE-2024-31408, CVE-2024-39290)
  • IX-SSA-RA firmware Ver.7.30 and earlier (CVE-2024-45837)
  • IXG-2C7 firmware Ver.2.03 and earlier (CVE-2024-47142)
  • IXG-2C7 firmware Ver.3.01 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-2C7-L firmware Ver.2.03 and earlier (CVE-2024-47142)
  • IXG-2C7-L firmware Ver.3.01 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-DM7 firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-DM7-10K firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-DM7-HID firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-DM7-HIDA firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXG-MK firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXGW-GW firmware Ver.3.01 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXGW-LC firmware Ver.3.00 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXGW-TGW firmware Ver.3.01 and earlier (CVE-2024-31408, CVE-2024-39290, CVE-2024-45837)
  • IXW-MA firmware Ver.7.10 and earlier (CVE-2024-31408, CVE-2024-39290,)
  • IXW-MA firmware Ver.7.30 and earlier (CVE-2024-45837)

Impact


  • A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request (CVE-2024-31408)

  • A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book (CVE-2024-39290)

  • A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files (CVE-2024-45837)

  • A network-adjacent authenticated attacker may perform unintended operations (CVE-2024-47142)

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
Vendor Information

AIPHONE CO., LTD.
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [IPA Evaluation]
  2. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2024-31408
  2. CVE-2024-39290
  3. CVE-2024-45837
  4. CVE-2024-47142
References

  1. JVN : JVN#41397971
Revision History

  • [2024/10/21]
      Web page was published
  • [2024/11/21]
      Overview was modified

Date Public2024/10/18
Date First Published2024/10/21
Date Last Updated2024/11/21