CVE-2021-20074

8.8 HIGH

📋 TL;DR

CVE-2021-20074 allows authenticated users to escape the command line interface in Racom's MIDGE Firmware and execute arbitrary operating system commands. This affects organizations using Racom MIDGE devices with vulnerable firmware versions. Attackers can gain full system control through command injection.

💻 Affected Systems

Products:
  • Racom MIDGE Firmware
Versions: 4.4.40.105
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the command line interface. All devices running this specific firmware version are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to install malware, pivot to other network segments, exfiltrate sensitive data, or render the device inoperable.

🟠 Likely Case

Attackers gain administrative control of the MIDGE device, allowing them to modify configurations, intercept network traffic, or use the device as a foothold for further attacks.

🟢 If Mitigated

Limited impact if network segmentation, strict access controls, and monitoring are in place to contain potential breaches.

🌐 Internet-Facing: HIGH - If devices are exposed to the internet, attackers can potentially exploit this vulnerability remotely after authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to gain elevated privileges and move laterally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained. Public technical details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.4.40.105

Vendor Advisory: https://www.racom.eu/eng/products/m/midge.html

Restart Required: Yes

Instructions:

1. Contact Racom for updated firmware.
2. Back up the device configuration.
3. Upload and install the patched firmware version.
4. Reboot the device.
5. Verify that the new firmware version is running.

🔧 Temporary Workarounds

Restrict CLI Access (scope: all)

Limit command line interface access to only trusted administrators using network segmentation and strict access controls.

Implement Strong Authentication (scope: all)

Enforce complex passwords, multi-factor authentication, and account lockout policies for all administrative accounts.

🧯 If You Can't Patch

  • Isolate vulnerable devices in a separate network segment with strict firewall rules limiting inbound and outbound connections.
  • Implement comprehensive logging and monitoring for suspicious CLI activity and command execution attempts.

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the device web interface or CLI using the version command. If it shows 4.4.40.105, the device is vulnerable.

Check Version:

Check via web interface or use device-specific CLI commands to display firmware version.

Verify Fix Applied:

After patching, verify the firmware version is no longer 4.4.40.105. Test that command injection attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CLI access patterns
  • Execution of system commands from CLI
  • Multiple failed authentication attempts followed by successful login

Network Indicators:

  • Unexpected outbound connections from MIDGE devices
  • Traffic to suspicious external IPs

SIEM Query:

Search for events where the source device is a MIDGE unit and the event contains command-execution patterns or unusual authentication activity (for example, a burst of failed logins followed by a successful one).
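As an added example that is not from this page or from Racom, the following Python implements the version check from "How to Verify" and the log indicators above (a burst of failed logins followed by a success, and OS commands executed from the CLI) over constructed sample lines. The log format, host names and field names are assumptions, since the advisory does not document the device's actual log format.

```python
import re
from collections import defaultdict

AFFECTED_VERSION = "4.4.40.105"  # the single affected build named in the advisory

# Constructed sample log lines in an assumed syslog-like format; neither the
# format nor the host names come from Racom or from the advisory.
SAMPLE_LOGS = """\
2021-06-01T10:00:01 midge-01 auth: login failed user=admin src=10.0.0.5
2021-06-01T10:00:03 midge-01 auth: login failed user=admin src=10.0.0.5
2021-06-01T10:00:05 midge-01 auth: login failed user=admin src=10.0.0.5
2021-06-01T10:00:09 midge-01 auth: login ok user=admin src=10.0.0.5
2021-06-01T10:00:20 midge-01 cli: exec user=admin cmd=show version
2021-06-01T10:00:31 midge-01 cli: exec user=admin cmd=ping 127.0.0.1; /bin/sh
2021-06-01T10:05:00 router-02 auth: login ok user=ops src=10.0.0.9
""".splitlines()
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<fac>auth|cli): (?P<msg>.*)$")
# Shell metacharacters or explicit binary paths mark a command that reached the
# OS rather than the device CLI; tune this for the real log format in use.
OS_CMD_RE = re.compile(r"[;|`]|\$\(|/bin/|/sbin/")

def is_vulnerable_version(version: str) -> bool:
    """The advisory lists exactly one affected firmware build."""
    return version.strip() == AFFECTED_VERSION

def triage(lines, host_prefix="midge", fail_threshold=3):
    """Return (indicator, host, user, detail) tuples for MIDGE hosts only."""
    findings = []
    fails = defaultdict(int)  # (host, user, src) -> consecutive failed logins
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["host"].startswith(host_prefix):
            continue  # not a MIDGE device, or not a line we parse
        host, msg = m["host"], m["msg"]
        if m["fac"] == "auth":
            am = re.match(r"login (failed|ok) user=(\S+) src=(\S+)", msg)
            if not am:
                continue
            key = (host, am[2], am[3])
            if am[1] == "failed":
                fails[key] += 1
                continue
            if fails[key] >= fail_threshold:  # brute force, then a valid login
                findings.append(("brute_force_then_success", host, am[2], am[3]))
            fails[key] = 0
        else:  # cli
            cm = re.match(r"exec user=(\S+) cmd=(.*)", msg)
            if cm and OS_CMD_RE.search(cm[2]):
                findings.append(("os_command_from_cli", host, cm[1], cm[2]))
    return findings
```

Running `triage(SAMPLE_LOGS)` yields two findings: the brute-force-then-success login for admin from 10.0.0.5, and the CLI exec that carries a shell metacharacter; the router-02 line is ignored because it is not a MIDGE host.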
