CVE-2021-31538 – CVE-2021-31538 is a path traversal vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2021-31538?

CVE-2021-31538 has a CVSS score of 7.5 (HIGH). CVE-2021-31538 is a path traversal vulnerability in LANCOM R&S Unified Firewall devices that allows attackers to access files outside the intended directory. This affects organizations using these firewall devices with vulnerable firmware versions. Attackers could potentially read sensitive configuration files or system information.

📋 TL;DR

CVE-2021-31538 is a path traversal vulnerability in LANCOM R&S Unified Firewall devices that allows attackers to access files outside the intended directory. This affects organizations using these firewall devices with vulnerable firmware versions. Attackers could potentially read sensitive configuration files or system information.

💻 Affected Systems

Products:

LANCOM R&S Unified Firewall (UF) devices

Versions: LCOS FX 10.5

Operating Systems: LCOS FX (LANCOM Operating System)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices running the specific vulnerable firmware version. Other LCOS FX versions may not be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive configuration files, credentials, or system files leading to further attacks on the network.

🟠

Likely Case

Information disclosure of firewall configuration, network topology, or system files that could aid in subsequent attacks.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH - Firewalls are typically internet-facing devices, making them prime targets for external attackers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The advisory includes technical details that could be used to create exploits. Path traversal vulnerabilities are typically easy to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: LCOS FX 10.5 with security patch or later version

Vendor Advisory: https://www.lancom-systems.com/service-support/instant-help/security-advisories/

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Download latest firmware from LANCOM support portal. 3. Backup configuration. 4. Apply firmware update via web interface or CLI. 5. Reboot device. 6. Verify update successful.

🔧 Temporary Workarounds

Restrict Management Access

all

Limit access to firewall management interface to trusted IP addresses only

Configure firewall rules to restrict management interface access

Network Segmentation

all

Place firewall management interface on separate VLAN with strict access controls

Configure VLAN segmentation and access control lists

🧯 If You Can't Patch

Implement strict network access controls to firewall management interfaces
Monitor for unusual file access patterns or directory traversal attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface or via CLI command 'show version'

Check Version:

show version

Verify Fix Applied:

Verify firmware version is updated beyond vulnerable version and test path traversal attempts

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns
Directory traversal strings in web logs
Multiple failed access attempts to sensitive paths

Network Indicators:

HTTP requests containing '../' sequences to firewall management interface
Unusual traffic patterns to firewall management ports

SIEM Query:

source="firewall_logs" AND ("../" OR "..\" OR "%2e%2e%2f") AND dest_port=443

📊 Metadata

CVE ID: CVE-2021-31538

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: June 10, 2021

Last Updated: November 21, 2024

🔗 References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-010.txt Exploit,Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-010.txt Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-31538, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Lcos Fx by Lancom Systems

Lcos Fx by Lancom Systems

Lcos Fx by Lancom Systems

Lcos Fx by Lancom Systems

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Management Access

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities