CVE-2021-21903

9.8 CRITICAL

📋 TL;DR

This critical vulnerability allows remote attackers to execute arbitrary code on Garrett Metal Detectors' iC Module CMA systems by sending specially-crafted UDP packets. The stack-based buffer overflow in the check_udp_crc function can lead to complete system compromise. Organizations using these metal detector systems in security-sensitive environments are affected.

💻 Affected Systems

Products:
  • Garrett Metal Detectors iC Module CMA
Versions: Version 5.0
Operating Systems: Embedded system (specific OS not specified)
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running the vulnerable version are affected by default. The vulnerability is in the network processing code and requires no special configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with root privileges, allowing attackers to disable security systems, manipulate detection data, or pivot to other network systems.

🟠 Likely Case

Remote code execution leading to system disruption, data manipulation, or installation of persistent backdoors on metal detector systems.

🟢 If Mitigated

Limited impact if systems are isolated in protected networks with strict firewall rules blocking UDP traffic to vulnerable ports.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable via UDP packets without authentication, making internet-exposed systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, the vulnerability requires no authentication and can be exploited by any network-adjacent attacker.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with publicly available technical details. Attackers can craft malicious UDP packets to trigger the buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Garrett Metal Detectors for updated firmware

Vendor Advisory: https://www.garrett.com/security-advisory

Restart Required: Yes

Instructions:

1. Contact Garrett Metal Detectors support for patched firmware.
2. Back up the current configuration.
3. Apply the firmware update following vendor instructions.
4. Restart the iC Module CMA system.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate iC Module CMA systems in separate VLANs with strict firewall rules.

Firewall Restrictions (platform: linux)

Block all UDP traffic to the vulnerable port on affected systems. [PORT] is a placeholder for the UDP port the iC Module CMA listens on; this page does not state that port number, so confirm it from the device documentation or by observing its traffic before applying the rule.

  iptables -A INPUT -p udp --dport [PORT] -j DROP

Note that -A appends the rule to the end of the INPUT chain, so an earlier rule that accepts the traffic would take precedence; check the resulting chain with iptables -L INPUT -n to confirm the DROP rule is actually reached.

🧯 If You Can't Patch

  • Segment affected systems in isolated network zones with no internet access
  • Implement strict network monitoring for anomalous UDP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the system firmware version via the device management interface. If the version is 5.0, the system is vulnerable.

Check Version:

Check via the device web interface or serial console (the specific command depends on the access method).

Verify Fix Applied:

Verify via the device management interface that the firmware version has been updated to a version later than 5.0.

📡 Detection & Monitoring

Log Indicators:

  • Unusual UDP packet patterns
  • System crash/restart events
  • Memory access violation logs

Network Indicators:

  • Malformed UDP packets to port used by iC Module CMA
  • Unusual traffic spikes to metal detector systems

SIEM Query (pseudo-query; [PORT] and normal_threshold are placeholders to be replaced with the device's UDP port and a baseline packet size established from your own traffic):

  source="firewall" AND dest_port=[PORT] AND protocol="UDP" AND packet_size>normal_threshold
