CVE-2024-10381
📋 TL;DR
This vulnerability allows remote attackers to bypass authentication on Matrix Door Controller Cosec Vega FAXQ devices through improper session management in the web interface. Attackers can send specially crafted HTTP requests to gain complete control of affected devices. Organizations using these physical access control systems are at risk.
💻 Affected Systems
- Matrix Door Controller Cosec Vega FAXQ
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of physical access control system allowing unauthorized entry, device reconfiguration, and potential physical security breaches.
Likely Case
Unauthorized access to door control systems enabling attackers to manipulate door locks, access logs, and security settings.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
CWE-288 indicates authentication bypass via crafted requests. No authentication required for exploitation based on description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0328
Restart Required: Yes
Instructions:
1. Contact Matrix/Cosec vendor for firmware updates.
2. Check vendor website for security advisories.
3. Apply firmware patches following vendor instructions.
4. Restart devices after patching.
🔧 Temporary Workarounds
Network Isolation
Isolate door controllers from untrusted networks and internet access
Configure firewall rules to block external access to door controller management interfaces
Access Control Lists
Restrict management interface access to authorized IP addresses only
Implement network ACLs allowing only trusted management stations to connect to controller web interface
🧯 If You Can't Patch
- Segment door controller network from corporate and internet networks using VLANs/firewalls
- Implement strict network monitoring for unusual HTTP requests to controller management interfaces
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against vendor patched versions. Test web interface for session management weaknesses.
Check Version:
Check web interface system information page or vendor-specific CLI commands (vendor-dependent)
Verify Fix Applied:
Verify firmware version matches patched version from vendor. Test authentication bypass attempts fail.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to management interface
- Authentication bypass attempts
- Configuration changes from unauthorized IPs
Network Indicators:
- HTTP requests to door controller management ports from unexpected sources
- Traffic patterns suggesting authentication bypass
SIEM Query:
source_ip NOT IN authorized_management_ips AND dest_port IN (80, 443) AND dest_ip IN door_controllers AND http_method IN (POST, GET)
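The same filter applied to web or proxy log lines, as an added example that is not part of the advisory or any vendor tooling. The network ranges, the six-field log format and the sample lines are constructed assumptions; substitute your own inventory and log schema.

```python
import ipaddress
from collections import Counter

# Assumed inventory (constructed): trusted management stations and controller subnet.
AUTHORIZED_MGMT = [ipaddress.ip_network("10.20.0.0/28")]
DOOR_CONTROLLERS = [ipaddress.ip_network("10.50.1.0/24")]
MGMT_PORTS = {80, 443}
METHODS = {"GET", "POST"}

# Constructed sample log: "timestamp src_ip dst_ip dst_port method path"
SAMPLE_LOG = """\
2024-11-01T09:00:01Z 10.20.0.5 10.50.1.10 443 GET /
2024-11-01T09:02:17Z 192.0.2.44 10.50.1.10 80 POST /
2024-11-01T09:03:40Z 10.30.7.9 10.50.1.11 443 GET /
2024-11-01T09:04:02Z 192.0.2.44 10.60.0.3 80 GET /
not a log line
"""

def in_any(ip, networks):
    return any(ip in net for net in networks)

def parse_line(line):
    """Return a dict for a well-formed line, or None for anything malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, port, method, path = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "port": int(port),
                "method": method.upper(), "path": path}
    except ValueError:
        return None

def is_suspicious(ev):
    # Mirrors the SIEM query: controller destination, management port,
    # GET/POST, and a source outside the authorized management stations.
    return (in_any(ev["dst"], DOOR_CONTROLLERS) and ev["port"] in MGMT_PORTS
            and ev["method"] in METHODS
            and not in_any(ev["src"], AUTHORIZED_MGMT))

def find_alerts(log_text):
    events = (parse_line(line) for line in log_text.splitlines())
    return [ev for ev in events if ev and is_suspicious(ev)]

def summarize(alerts):
    # Count hits per (source, controller) pair for triage.
    return Counter((str(ev["src"]), str(ev["dst"])) for ev in alerts)

if __name__ == "__main__":
    for (src, dst), n in summarize(find_alerts(SAMPLE_LOG)).items():
        print(f"ALERT {src} -> {dst}: {n} request(s)")
```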