CVE-2024-7545
📋 TL;DR
This vulnerability allows local attackers to execute arbitrary code with elevated privileges on oFono installations by exploiting a heap-based buffer overflow in the SimToolKit command parser. Attackers need initial code execution on the target modem to trigger the vulnerability. The flaw enables privilege escalation to the service account context.
💻 Affected Systems
- oFono
📦 What is this software?
oFono, a telephony daemon for Linux, by the oFono Project
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via arbitrary code execution with service account privileges, potentially leading to persistent backdoors, data exfiltration, or lateral movement.
Likely Case
Local privilege escalation allowing attackers to gain service account access, modify system configurations, or maintain persistence on compromised devices.
If Mitigated
Limited impact where proper access controls, network segmentation, and modem isolation prevent an attacker from obtaining the initial code execution the exploit requires.
🎯 Exploit Status
Exploitation requires local access and initial code execution on the modem, which makes it more complex to exploit than a remotely reachable vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: No specific version is known; check the oFono repository for the latest updates
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1085/
Restart Required: Yes
Instructions:
1. Check the installed oFono version with 'ofonod --version'
2. Update oFono to the latest version from the official repository
3. Restart the oFono service: 'systemctl restart ofono'
4. Verify the patch is applied by repeating the version check
🔧 Temporary Workarounds
Disable STK functionality (Linux)
- Temporarily disable SimToolKit features if they are not required
- Modify the oFono configuration to disable STK plugins
- Restart the oFono service after the changes
Restrict modem access (Linux)
- Limit which users and processes can interact with modem interfaces
- Set appropriate file permissions on modem device files
- Use SELinux/AppArmor policies to restrict oFono
🧯 If You Can't Patch
- Isolate modem interfaces to trusted processes only using mandatory access controls
- Implement strict monitoring for unusual modem communication patterns and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check the installed oFono version and compare it against the patched releases published by the official source
Check Version:
ofonod --version 2>/dev/null || dpkg -l | grep ofono || rpm -qa | grep ofono
Verify Fix Applied:
Confirm that the oFono version has been updated and, where a test environment is available, confirm that STK handling no longer fails on malformed PDU inputs
📡 Detection & Monitoring
Log Indicators:
- Unusual STK command processing errors in oFono logs
- Multiple failed STK parsing attempts
- Process privilege escalation from user to service account
Network Indicators:
- Abnormal modem communication patterns
- Unexpected STK command traffic to modem interfaces
SIEM Query:
source="ofono.log" AND ("STK" OR "SimToolKit") AND ("overflow" OR "buffer" OR "malformed")
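To show how the log indicators and the SIEM query above translate into detection logic, the following script is an added example (not code from this advisory or from the oFono project). It parses constructed, journald-style log lines in a format invented for this example, flags STK-related error messages using the page's keyword set plus parser-failure phrases to cover the "multiple failed STK parsing attempts" indicator, and raises a burst alert when several such messages arrive from one ofonod process within a short window. The sample lines, the line format, the thresholds and the message wording are all assumptions; adapt the regex and keywords to what ofonod actually emits on your systems.

```python
"""Added example: scan oFono log lines for the STK indicators listed above.

The log format below is constructed for this example; real ofonod output
depends on the distribution's logging setup and debug level, so adapt
LINE_RE and the keyword tuples to what your systems actually emit.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample: journald-style lines from a hypothetical ofonod run.
SAMPLE_LOG = """\
2024-08-01T10:00:01 host ofonod[812]: STK: Proactive command received
2024-08-01T10:00:02 host ofonod[812]: STK: failed to parse proactive command PDU
2024-08-01T10:00:02 host ofonod[812]: STK: malformed command details TLV
2024-08-01T10:00:03 host ofonod[812]: STK: failed to parse proactive command PDU
2024-08-01T10:00:04 host ofonod[812]: STK: failed to parse proactive command PDU
2024-08-01T10:00:05 host sshd[900]: Accepted publickey for alice
2024-08-01T10:30:00 host ofonod[812]: SimToolKit: buffer length check failed
"""

# "<iso-timestamp> <host> <process>[<pid>]: <message>" (constructed format)
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)

STK_TERMS = ("stk", "simtoolkit")
# Keywords taken from the page's SIEM query ...
QUERY_TERMS = ("overflow", "buffer", "malformed")
# ... extended with parser-failure phrases (assumed wording) so that repeated
# STK parsing failures are counted as well.
PARSE_FAIL_TERMS = ("failed to parse", "parse error", "decode failed")


def parse_line(line):
    """Return a dict with ts/host/proc/pid/msg, or None for unrecognised lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def is_stk_indicator(msg):
    """True when the message is STK-related AND signals an error/overflow."""
    low = msg.lower()
    if not any(term in low for term in STK_TERMS):
        return False
    return any(term in low for term in QUERY_TERMS + PARSE_FAIL_TERMS)


def scan_log(lines, threshold=3, window=timedelta(seconds=60)):
    """Return (indicator_events, burst_alerts).

    A burst alert is raised once, the moment `threshold` indicator events from
    ofonod fall inside a sliding time window of length `window`.
    """
    events, bursts = [], []
    recent = deque()  # timestamps of recent indicator events
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proc"] != "ofonod" or not is_stk_indicator(rec["msg"]):
            continue
        events.append(rec)
        recent.append(rec["ts"])
        # Drop events that fell out of the window.
        while recent and rec["ts"] - recent[0] > window:
            recent.popleft()
        if len(recent) == threshold:
            bursts.append({"first": recent[0], "last": rec["ts"], "pid": rec["pid"]})
    return events, bursts


if __name__ == "__main__":
    found, alerts = scan_log(SAMPLE_LOG.splitlines())
    for ev in found:
        print(f"indicator {ev['ts'].isoformat()} pid={ev['pid']}: {ev['msg']}")
    for alert in alerts:
        print(f"BURST: {alert['first'].isoformat()} .. {alert['last'].isoformat()} "
              f"(pid {alert['pid']})")
```

The burst rule fires once per window rather than on every subsequent event, which keeps a noisy modem from flooding the alert queue; raise the threshold or widen the window if a particular modem legitimately logs STK parse errors during normal operation.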