Nice Linear eMerge Command Injection Vulnerability (CVE-2019-7256)
Description
What is the vulnerability?
Cyber threat actors are actively targeting Linear eMerge E3-Series to exploit a 5-year-old critical vulnerability. The vulnerability, tracked as CVE-2019-7256, is a command injection flaw that could allow an attacker to achieve remote code execution and full access to the system.
The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide, which underscores the potential for widespread impact of this vulnerability.
What is the recommended Mitigation?
Nice has released a security bulletin that advises users to apply the latest firmware to mitigate the risk and recommends defensive measures to minimize the risk of exploitation. https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf
What FortiGuard Coverage is available?
FortiGuard Labs has an existing IPS signature "Linear.eMerge.card_scan_decoder.php.Command.Injection" to block any attack attempts targeting the vulnerability and has an OT virtual patch available for auto-patching. Fortinet customers remain protected against the vulnerability; however, it is recommended to apply firmware patches released by the vendor to mitigate any risks.
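One way to hunt for exploitation attempts in web access logs, as an added example that is not from the advisory or the vendor: it flags requests to card_scan_decoder.php (the endpoint named in the IPS signature above) whose query values decode to shell metacharacters. The combined log format, the parameter names x and y, the addresses and the CMD placeholder are constructed for illustration, and the metacharacter list is an assumed heuristic, not the FortiGuard signature logic.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoint name taken from the IPS signature named in the advisory.
ENDPOINT = "/card_scan_decoder.php"
# Assumed heuristic: characters a POSIX shell treats specially.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")
# Apache/nginx "combined" access-log line (assumed log format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

def decode(value, rounds=2):
    """Undo up to `rounds` layers of percent-encoding (catches %253B -> ;)."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def suspicious_requests(lines):
    """Return (client_ip, target, flagged_params) for requests to ENDPOINT
    whose query values decode to shell metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not url.path.lower().endswith(ENDPOINT):
            continue  # some other page
        flagged = []
        for pair in url.query.split("&"):
            name, _, value = pair.partition("=")
            if SHELL_META.search(decode(value)):
                flagged.append(name)
        if flagged:
            hits.append((m["ip"], m["target"], flagged))
    return hits

# Constructed sample lines; x, y and CMD are placeholders, not real values.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /card_scan_decoder.php?x=30&y=1 HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Mar/2024:10:02:13 +0000] "GET /card_scan_decoder.php?x=30%3BCMD&y=1 HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Mar/2024:10:02:19 +0000] "GET /card_scan_decoder.php?x=1&y=%2560CMD%2560 HTTP/1.1" 200 0',
    '203.0.113.5 - - [01/Mar/2024:10:05:44 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, target, params in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} -> {target} (suspicious parameters: {', '.join(params)})")
```

A hit only shows that a request reached the endpoint with shell syntax in a parameter; whether it succeeded depends on the firmware version, so treat matches as a prompt to check the device and its patch level.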
Outbreak Alert
CVE-2019-7256 is an OS command injection flaw in the Linear eMerge E3-Series access control system that could allow an attacker to achieve remote code execution and full access to the system.
Appendix
Nice (Security Bulletin)