CVE-2024-39373 – TELSAT marKoni FM Transmitters contain a comman... (How to Fix)

Q: What is the severity of CVE-2024-39373?

CVE-2024-39373 has a CVSS score of 7.2 (HIGH). TELSAT marKoni FM Transmitters contain a command injection vulnerability (CWE-77) that allows attackers to execute arbitrary commands by manipulating settings. This could grant administrative access to the transmitter system. Organizations using these FM transmitters are affected.

📋 TL;DR

TELSAT marKoni FM Transmitters contain a command injection vulnerability (CWE-77) that allows attackers to execute arbitrary commands by manipulating settings. This could grant administrative access to the transmitter system. Organizations using these FM transmitters are affected.

💻 Affected Systems

Products:

TELSAT marKoni FM Transmitters

Versions: Specific versions not detailed in advisory; all versions likely affected until patched.

Operating Systems: Embedded/Proprietary OS on transmitter hardware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the web interface/settings manipulation functionality.

📦 What is this software?

Markoni D \(compact\) Firmware by Markoni

View all CVEs affecting Markoni D \(compact\) Firmware →

Markoni Dh \(exciter\+amplifiers\) Firmware by Markoni

View all CVEs affecting Markoni Dh \(exciter\+amplifiers\) Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full administrative control of the transmitter, potentially disrupting broadcasts, modifying transmission parameters, or using the system as a foothold into connected networks.

🟠

Likely Case

Unauthorized access leading to configuration changes, service disruption, or data exfiltration from the transmitter system.

🟢

If Mitigated

Limited impact due to network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH if transmitters are directly exposed to the internet without proper firewalling.

🏢 Internal Only: MEDIUM if accessible from internal networks, requiring attacker to have internal access first.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to manipulate settings, suggesting some level of access is needed, but command injection typically has low complexity once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in advisory; contact TELSAT for updated firmware.

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01

Restart Required: Yes

Instructions:

1. Contact TELSAT for the latest firmware patch. 2. Backup current configuration. 3. Apply firmware update following vendor instructions. 4. Restart the transmitter. 5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate transmitter network from untrusted networks to limit attack surface.

Access Control

all

Restrict access to transmitter management interface to authorized IPs only.

🧯 If You Can't Patch

Implement strict network segmentation to isolate transmitters in a dedicated VLAN.
Apply firewall rules to block all unnecessary inbound traffic to transmitter management interfaces.

🔍 How to Verify

Check if Vulnerable:

Check firmware version against TELSAT's patched version list; if unpatched and accessible, assume vulnerable.

Check Version:

Check via transmitter web interface or CLI (vendor-specific command).

Verify Fix Applied:

Confirm firmware version matches or exceeds the patched version provided by TELSAT.

📡 Detection & Monitoring

Log Indicators:

Unusual configuration changes
Failed login attempts followed by command execution patterns
Unexpected system commands in logs

Network Indicators:

Unusual traffic to transmitter management ports (e.g., HTTP/HTTPS)
Outbound connections from transmitter to unexpected destinations

SIEM Query:

source="transmitter_logs" AND (event="configuration_change" OR command="*;*" OR command="*|*")

📊 Metadata

CVE ID: CVE-2024-39373

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: June 27, 2024

Last Updated: November 21, 2024

🔗 References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01 Third Party Advisory,US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-39373, you might also want to check these: