News from 2024-12-17
Meinberg Security Advisory: [MBGSA-2024.08] LANTIME Firmware V7.08.018
Meinberg recommends updating to LANTIME Firmware Version 7.08.018.
LANTIME Firmware Version 7.08.017:
Severity Level Critical (0), High (0), Medium (2), Low (2), Info (0), Unknown (0)
- LANTIME Firmware: V7.08.018
Description of the Vulnerabilities
- Third-Party Software:
curl:
CVE-2024-9681 - HSTS subdomain overwrites parent cache entry (Low)
More information:
https://curl.se/docs/CVE-2024-9681.html
Fixed in:
V7.08.018 MBGID-20006
libexpat:
CVE-2024-50602 - Stop XML_ResumeParser from crashing (Medium)
More information:
https://github.com/libexpat/libexpat/pull/915
https://bugzilla.redhat.com/show_bug.cgi?id=2321987
Fixed in:
V7.08.018 MBGID-19956
nano:
CVE-2024-5742 - Running chmod and chown on the filename allows malicious user to replace the emergency file (Low)
More information:
https://access.redhat.com/security/cve/CVE-2024-5742
Fixed in:
V7.08.018 MBGID-19966
wpa_supplicant:
CVE-2023-52160 - PEAP in wpa_supplicant allows authentication bypass (Medium)
More information:
https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html
https://nvd.nist.gov/vuln/detail/CVE-2023-52160
Fixed in:
V7.08.018 MBGID-19967
Systems Affected
All LANTIME Firmware versions before 7.08.018 are affected by the corresponding vulnerabilities. The LANTIME Firmware is used by all devices of the LANTIME series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000), the SyncFire product family (SF1000, SF1100, SF1200, SF1500), and LANTIME CPU Expansions (LCES).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
Possible Security Measures
The relevant security updates are included in the LANTIME Firmware Version 7.08.018(-light). Updating to these versions eliminates the listed vulnerabilities.
Download the latest LANTIME Firmware at:
The update is now available for Meinberg customers. An update of the LANTIME Firmware to Version 7.08.018 or 7.08.018-light as appropriate is recommended. Customers who cannot install Version 7.08.018 should install Version 7.08.018-light instead.
Further Information
Further details and information are available from the following website:
If you have any questions or need assistance, please do not hesitate to contact Meinberg's Technical Support Team.
Acknowledgments
We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
Thank you!
