Patton SmartNode SN200 Pre-Auth OS Command Injection via AuthToken Bypass (CVE-2023-41109)

Key Information Vulnerability Types: - OS Command Injection (CWE-78) - Improper Access Control (CWE-284) Affected Products and Versions: - Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Manufacturer: Patton LLC - Affected Versions: <= 3.21.2-23021 Risk Level: High Vulnerability Discovery and Disclosure Timeline: - 2023-06-28: Vulnerability discovered - 2023-07-05: Vulnerability reported to the manufacturer - 2023-08-28: Vulnerability details publicly disclosed 世 2023-10-13: Vulnerability confirmed to exist in newly released version 3.22.0-23083 CVE ID: CVE-2023-41109 Vulnerability Details: - An unauthorized OS command injection vulnerability was found due to flaws in the authorization mechanism and improper input validation. - Unauthenticated attackers can execute system commands via the affected product’s web interface. Proof of Concept (PoC): - Example HTTP request demonstrating execution of the "ping" command on the device. - Authorization check can be bypassed using an empty "AuthToken" cookie. Recommended Mitigations: - Disable the vulnerable "Network Diagnostic Commands" feature if possible. - Block direct or firewall-protected access to the device’s HTTP interface from the network. Discoverer: - Maurizio Ruchay, SySS GmbH Manufacturer Notification Date: 2023-07-05 Public Disclosure Date: 2023-08-28 CVE Reference: CVE-2023-41109 Advisory Author: Maurizio Ruchay, SySS GmbH

Goal Reached Thanks to every supporter — we hit 100%!

Patton SmartNode SN200 Pre-Auth OS Command Injection via AuthToken Bypass (CVE-2023-41109)