CVE-2024-52288 – This vulnerability in libosdp allows man-in-the... (How to Fix)

Q: What is the severity of CVE-2024-52288?

CVE-2024-52288 has a CVSS score of 5.1 (MEDIUM). This vulnerability in libosdp allows man-in-the-middle attackers to capture and replay OSDP protocol messages, potentially enabling unauthorized access to physical access control systems. It affects systems using vulnerable versions of libosdp for communication between control panels and peripheral devices.

📋 TL;DR

This vulnerability in libosdp allows man-in-the-middle attackers to capture and replay OSDP protocol messages, potentially enabling unauthorized access to physical access control systems. It affects systems using vulnerable versions of libosdp for communication between control panels and peripheral devices.

💻 Affected Systems

Products:

libosdp

Versions: Versions before 3.0.0

Operating Systems: All platforms running libosdp

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all systems using libosdp for OSDP protocol implementation between control panels and peripheral devices

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains unauthorized physical access by replaying valid authentication messages to bypass door access controls

🟠

Likely Case

Temporary disruption of access control systems or unauthorized entry to controlled areas

🟢

If Mitigated

Limited impact due to network segmentation and physical security controls

🌐 Internet-Facing: MEDIUM - Requires MITM position but could affect internet-connected access control systems

🏢 Internal Only: HIGH - Physical access control systems often on internal networks where MITM attacks are feasible

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires MITM position and timing coordination, but detailed advisory provides exploitation methodology

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.0

Vendor Advisory: https://github.com/goToMain/libosdp/security/advisories/GHSA-xhjw-7vh5-qxqm

Restart Required: Yes

Instructions:

1. Identify systems using libosdp. 2. Update to version 3.0.0 or later. 3. Restart affected services. 4. Verify the fix using version check.

🧯 If You Can't Patch

Implement network segmentation to isolate OSDP traffic from untrusted networks
Deploy physical security monitoring to detect unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check libosdp version - if below 3.0.0, system is vulnerable

Check Version:

Check application documentation or build configuration for libosdp version

Verify Fix Applied:

Confirm libosdp version is 3.0.0 or higher and check for commit 298576d9 in source

📡 Detection & Monitoring

Log Indicators:

Unexpected RMAC_I or REPLY_CCRYPT messages
Session resets or anomalies in OSDP protocol logs

Network Indicators:

Repeated OSDP message patterns
Unusual timing in OSDP protocol exchanges

SIEM Query:

Search for OSDP protocol anomalies or repeated authentication messages within short timeframes

📊 Metadata

CVE ID: CVE-2024-52288

CVSS v3 Score: 5.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-924

Published: November 11, 2024

Last Updated: November 12, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-52288, you might also want to check these: