CVE-2023-36670

9.8 CRITICAL

📋 TL;DR

A critical command injection vulnerability in Kratos NGC-IDU 9.1.0.4 allows remote attackers to execute arbitrary Linux commands as root via crafted TCP requests. This affects organizations using the vulnerable Kratos network gateway device, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Kratos NGC-IDU
Versions: 9.1.0.4
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration of the specified version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system takeover with root access, data exfiltration, lateral movement to other network segments, and persistent backdoor installation.

🟠 Likely Case

Unauthorized command execution leading to service disruption, configuration changes, or credential theft from the compromised device.

🟢 If Mitigated

Limited impact if the device is isolated behind firewalls with strict network access controls and is monitored for anomalous traffic.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation via TCP requests without authentication makes this highly accessible to attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.kratosdefense.com/vulnerability-advisories/cve-2023-36670

Restart Required: Yes

Instructions:

1. Contact Kratos support for patch availability.
2. Apply the security update following vendor instructions.
3. Restart the device to activate the fix.

🔧 Temporary Workarounds

Network Segmentation


Isolate the device behind firewalls to restrict TCP access to trusted sources only.

Access Control Lists


Implement network ACLs to block unauthorized TCP connections to the vulnerable service.

🧯 If You Can't Patch

  • Deploy network monitoring to detect anomalous TCP traffic patterns to the device.
  • Implement strict outbound filtering to prevent command-and-control communication from compromised devices.

🔍 How to Verify

Check if Vulnerable:

Check device version via administrative interface or console; if running NGC-IDU 9.1.0.4, it is vulnerable.

Check Version:

Consult device documentation for version check commands specific to Kratos NGC-IDU.

Verify Fix Applied:

Verify the device version has been updated to a patched release as specified in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution logs
  • Failed authentication attempts to root
  • Unexpected process spawns

Network Indicators:

  • Anomalous TCP connections to device ports
  • Suspicious payloads in network traffic

SIEM Query:

source="ngc-idu" AND (event="command_execution" OR event="root_access")
