Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
An attacker can remotely send crafted data or protocol requests to the vulnerable device, leading to its malfunction or complete downtime. The attack requires no privileges, user interaction, or additional conditions on the attacker's side. The vulnerability is classified as CWE-248, indicating an unhandled exception that can be triggered externally.
An attacker can render the device unavailable (denial of service), interrupting its operation and potentially disrupting physical access control or other critical functions supported by these devices.
Patches available from the manufacturer should be applied in accordance with the references published at https://azure-access.com/security-advisories. Until updates are applied, it is recommended to restrict network access to BLU-IC2 and BLU-IC4 devices, for example through network segmentation or by implementing firewall rules blocking unauthorized traffic.
Azure-Access BLU-IC2 in all versions up to and including 1.19.5, and Azure-Access BLU-IC4 in all versions up to and including 1.19.5 (device firmware and software).
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAzure Access Blu Ic2
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic2 Firmware
OSAzure-Access< 1.20Azure Access Blu Ic4
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic4 Firmware
OSAzure-Access< 1.20
Related vulnerabilities
Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4
Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4
Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4
Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4
Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4