Cisco Talos recently disclosed multiple vulnerabilities in a networking device from Garrett Metal Detectors that could allow a remote attacker to bypass authentication, change metal detector configuration, and potentially execute arbitrary code on the device.
The flaws are in the Garrett iC module, which provides network connectivity for the Garrett PD 6500i and Garrett MZ 6100 walk-through metal detectors commonly used at security checkpoints. An attacker who compromises the module could remotely read the detector's statistics, such as whether the alarm has triggered and how many people have walked through, or alter its configuration, for example by changing the sensitivity level, which is a safety concern for anyone relying on these detectors.
TALOS-2021-1353 (CVE-2021-21901), TALOS-2021-1355 (CVE-2021-21903) and TALOS-2021-1357 (CVE-2021-21905 and CVE-2021-21906) are stack-based buffer overflow vulnerabilities that an attacker could exploit by sending the device a specially crafted packet. All of these flaws can lead to remote code execution, and TALOS-2021-1353 and TALOS-2021-1355 can be triggered before any authentication takes place.
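The advisories do not publish the affected code, so the following is an added illustration of the bug class rather than Garrett's firmware or Talos' proof of concept. It uses a constructed, hypothetical wire format (a type byte, a declared length byte, then payload) and contrasts a handler that trusts the declared length with one that checks it against both the bytes actually received and the destination buffer; the function and field names are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format, constructed for this example (not Garrett's):
 *   byte 0     message type
 *   byte 1     declared payload length N
 *   bytes 2..  N bytes of payload
 */
#define HDR_LEN 2
#define NAME_BUF 32

/* Vulnerable pattern: the declared length is trusted, so a packet that
 * declares N = 200 copies 200 bytes into a 32-byte stack buffer. Shown
 * only to illustrate the bug class; never feed it untrusted input. */
int set_name_vulnerable(const uint8_t *pkt, size_t pkt_len)
{
    char name[NAME_BUF];
    if (pkt_len < HDR_LEN)
        return -1;
    size_t n = pkt[1];
    memcpy(name, pkt + HDR_LEN, n);  /* n is never compared to sizeof name */
    name[n] = '\0';                  /* out-of-bounds write when n >= NAME_BUF */
    return (int)n;
}

/* Hardened version: the declared length must match what actually arrived
 * and must fit in the destination with room for the terminator. */
int set_name_hardened(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_len)
{
    if (pkt_len < HDR_LEN)
        return -1;                   /* truncated header */
    size_t n = pkt[1];
    if (n != pkt_len - HDR_LEN)
        return -2;                   /* declared length disagrees with bytes received */
    if (n >= out_len)
        return -3;                   /* would overflow the destination */
    memcpy(out, pkt + HDR_LEN, n);
    out[n] = '\0';
    return (int)n;
}

/* Build a packet whose declared length may deliberately disagree with the
 * payload actually attached, mimicking a crafted packet.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t build_packet(uint8_t *buf, size_t buf_len, uint8_t type, uint8_t declared_len,
                    const uint8_t *payload, size_t payload_len)
{
    if (buf_len < HDR_LEN + payload_len)
        return 0;
    buf[0] = type;
    buf[1] = declared_len;
    memcpy(buf + HDR_LEN, payload, payload_len);
    return HDR_LEN + payload_len;
}

int main(void)
{
    uint8_t pkt[64];
    char out[NAME_BUF];
    /* Crafted packet: declares 200 bytes but carries 5. */
    size_t n = build_packet(pkt, sizeof pkt, 0x01, 200, (const uint8_t *)"lobby", 5);
    printf("crafted packet: hardened handler returns %d\n",
           set_name_hardened(pkt, n, out, sizeof out));
    return 0;
}
```

The two checks in the hardened handler are independent: the first rejects a packet whose declared length does not match the bytes on the wire, the second rejects a consistent packet that is simply larger than the destination. Both are needed, since an attacker controls the header and the payload.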
The directory traversal flaws TALOS-2021-1356 (CVE-2021-21904), TALOS-2021-1358 (CVE-2021-21907), and TALOS-2021-1359 (CVE-2021-21908 and CVE-2021-21909) allow an authenticated attacker to read, write, and delete files on the device under certain conditions. TALOS-2021-1354 (CVE-2021-21902) is a race condition in the authentication phase of a command-line utility exposed over the network. An attacker who wins this race could hijack an authenticated user's session and then use the command-line interface with that user's full privileges.
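Again, the advisories do not show the vulnerable file-handling code, so this is an added example of the check a practitioner would want in any network-facing file operation, not code from Garrett or Talos. It confines a client-supplied relative path to a base directory by normalizing it segment by segment and refusing any ".." that would climb above the base; the base directory and file names are assumptions for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEGS 64

/* Resolve a client-supplied relative path lexically against base_dir.
 * Returns 1 and writes the confined absolute path into out if every ".."
 * stays inside base_dir and the result names something below it; returns 0
 * (with out empty) otherwise. Lexical only: symlinks are not considered, and
 * the caller must have already decoded any percent-encoding ("%2e%2e"), so on
 * a real device pair this with openat() on a base-directory fd or realpath(). */
int confine_path(const char *base_dir, const char *user_path, char *out, size_t out_len)
{
    const char *segs[MAX_SEGS];   /* surviving path segments of user_path */
    size_t seg_len[MAX_SEGS];
    int depth = 0;
    const char *p = user_path;

    if (out_len == 0)
        return 0;
    out[0] = '\0';

    if (user_path[0] == '/')      /* an absolute path escapes the base outright */
        return 0;

    while (*p) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || (len == 1 && p[0] == '.')) {
            /* empty ("a//b") or "." segment: contributes nothing */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return 0;             /* would climb above base_dir */
            depth--;
        } else {
            if (depth == MAX_SEGS)
                return 0;             /* unreasonably deep path */
            segs[depth] = p;
            seg_len[depth] = len;
            depth++;
        }
        if (!end)
            break;
        p = end + 1;
    }

    if (depth == 0)
        return 0;                     /* resolves to base_dir itself, not a file in it */

    /* Rebuild as base_dir + "/" + seg + "/" + seg ... with bounds checks. */
    size_t used = strlen(base_dir);
    if (used >= out_len)
        return 0;
    memcpy(out, base_dir, used);
    for (int i = 0; i < depth; i++) {
        if (used + 1 + seg_len[i] >= out_len) {
            out[0] = '\0';
            return 0;
        }
        out[used++] = '/';
        memcpy(out + used, segs[i], seg_len[i]);
        used += seg_len[i];
    }
    out[used] = '\0';
    return 1;
}

int main(void)
{
    char out[256];
    const char *requests[] = { "logs/2021-12-01.csv", "logs/../../etc/passwd", "/etc/passwd" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++) {
        int ok = confine_path("/var/ic/export", requests[i], out, sizeof out);
        printf("%-24s -> %s\n", requests[i], ok ? out : "REJECTED");
    }
    return 0;
}
```

The reason to normalize per segment rather than search for the substring ".." is that a substring filter rejects legitimate names such as "report..2021.csv" while still missing encoded or mixed-separator variants; counting depth makes the decision about what the path resolves to, not what it looks like.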
In accordance with Cisco's vulnerability disclosure policy, Cisco Talos worked with Garrett to ensure these issues were fixed and that an update is available for affected users. Talos reports that it tested and confirmed the vulnerabilities in Garrett Metal Detectors iC Module CMA, version 5.0. Users should update their firmware to the latest version as soon as possible.