CVE-2021-43388
📋 TL;DR
The Unisys Cargo Mobile Application before version 1.2.29 stores sensitive information in cleartext, making it visible in device backups. This vulnerability affects users of the mobile application on Android devices where backups are enabled. Attackers could access sensitive data through backup files if they gain physical or logical access to the device.
💻 Affected Systems
- Unisys Cargo Mobile Application
⚠️ Risk & Real-World Impact
Worst Case
Sensitive cargo logistics data, authentication credentials, or business information could be extracted from backup files, leading to data breaches, operational disruption, or supply chain attacks.
Likely Case
Unauthorized access to backup files containing sensitive application data, potentially exposing business information or user credentials.
If Mitigated
Minimal impact if backups are disabled and proper mobile device management controls are implemented.
🎯 Exploit Status
Exploitation requires access to device backup files, which typically requires physical access or compromised backup storage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.29 and later
Vendor Advisory: https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=65
Restart Required: Yes
Instructions:
1. Update Unisys Cargo Mobile Application to version 1.2.29 or later from official app store.
2. Restart the application after update.
3. Verify the allowBackup flag is set to False in the application manifest.
🔧 Temporary Workarounds
Disable Android Backup for Application
Android: Manually disable backup functionality for the Unisys Cargo app through Android settings
Disable Device Backup Entirely
Android: Turn off Android backup services to prevent any application data from being backed up
🧯 If You Can't Patch
- Disable Android backup functionality for the Unisys Cargo application in device settings
- Implement mobile device management (MDM) policies to restrict backup of sensitive applications
🔍 How to Verify
Check if Vulnerable:
Check application version in app settings. If version is below 1.2.29, the application is vulnerable.
Check Version:
Check in Android Settings > Apps > Unisys Cargo > App Info
Verify Fix Applied:
Verify application version is 1.2.29 or higher. Check Android backup settings to confirm Unisys Cargo app backup is disabled.
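The manifest check from the fix instructions can be automated. The following is an added example, not code from Unisys or from this advisory; it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the package name and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
FIXED_VERSION = (1, 2, 29)  # first fixed release according to the advisory


def audit_manifest(manifest_xml: str) -> dict:
    """Report version and backup posture from a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml.strip())
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    version_name = root.get(f"{{{ANDROID_NS}}}versionName", "")
    allow_backup = app.get(f"{{{ANDROID_NS}}}allowBackup")
    # A missing android:allowBackup attribute defaults to "true" on Android.
    # Anything other than a literal "false" (e.g. a @bool/ resource reference)
    # is treated as enabled so that it gets a manual look.
    backup_enabled = allow_backup is None or allow_backup.strip().lower() != "false"
    try:
        patched = tuple(int(p) for p in version_name.split(".")) >= FIXED_VERSION
    except ValueError:
        patched = None  # empty or non-numeric version string: cannot compare
    verdict = "ok" if patched is True and not backup_enabled else "review"
    return {"version": version_name, "patched": patched,
            "allow_backup_attr": allow_backup,
            "backup_enabled": backup_enabled, "verdict": verdict}


# Constructed sample manifests (hypothetical package name, not the real app's).
OLD_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cargo" android:versionName="1.2.28">
  <application android:label="Cargo"/>
</manifest>"""

FIXED_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cargo" android:versionName="1.2.29">
  <application android:label="Cargo" android:allowBackup="false"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml_text in (("old", OLD_MANIFEST), ("fixed", FIXED_MANIFEST)):
        print(name, audit_manifest(xml_text))
```

A "review" verdict covers both an outdated version and a manifest that leaves backups enabled, including the case where the attribute is simply absent.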
📡 Detection & Monitoring
Log Indicators:
- Unusual backup file access patterns
- Access to application data directories by unauthorized processes
Network Indicators:
- Unexpected backup file transfers to external storage or cloud services
SIEM Query:
Search for backup-related events involving Unisys Cargo application data directories