Security Advisories: 20241220

Doc No. Robustel_SA_20241220
Updated December 20, 2024


Robustel has released a firmware security update for all RobustOS devices. This update addresses OpenSSH and OpenSSL security issues in the RobustOS firmware.
If you are utilizing Public IP SIMs or believe that your network requires enhanced protection, we recommend downloading and installing the latest firmware update through the RCMS. Should you have any questions or need assistance, please do not hesitate to contact the Robustel Support Team.

DETAILS

This section summarizes the potential impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS3.0 standards.

| CVE IDs | Summary | Base Score | Vector |
| --- | --- | --- | --- |
| CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-0727 | Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. | 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |

SECURITY UPDATES

The following table lists the products affected, versions affected, and the updated version that includes this security update.
To upgrade the device firmware, use either of the following methods:
  1. Remotely deploy the corresponding firmware version to the device directly through RCMS.
  2. Download the firmware from the Robustel knowledge base and perform a local upgrade.

| CVE IDs Addressed | Vulnerability Report Date | Product Name | Affected Versions | Updated Version |
| --- | --- | --- | --- | --- |
| CVE-2024-6387 | 01/07/2024 | All RobustOS Devices | V3.x and V5.x | V5.3.3 |
| CVE-2024-0727 | 26/01/2024 | All RobustOS Devices | V3.x and V5.x | V5.3.3 |

Mitigation

Upgrade to version 5.3.3.

Initial Publication Date

December 20, 2024

REVISION HISTORY

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | December 20, 2024 | Initial release |

SUPPORT

For any inquiries regarding this security bulletin, please reach out to the Robustel Support Team.
