Privilege Escalation through SUID-bit Binary.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
The vulnerability involves improper privilege management (CWE-269) — specifically improper use of the SUID (Set User ID) bit on a system binary file. The SUID bit causes the program to execute with the permissions of the file owner (typically root) rather than the permissions of the user invoking it. An attacker with system access can exploit this binary file to obtain elevated privileges without requiring authentication as an administrator.
An attacker can obtain full administrative (root) privileges on the device, enabling complete system takeover, configuration modification, access to protected data, and potentially compromising the network to which the device is connected.
Patches available from the manufacturer should be applied in accordance with references published at https://azure-access.com/security-advisories. Until the fix is implemented, it is recommended to restrict physical and network access to devices exclusively to trusted users and monitor attempts of unauthorized access.
Azure-Access BLU-IC2 in versions up to 1.19.5 (inclusive) and Azure-Access BLU-IC4 in versions up to 1.19.5 (inclusive), including corresponding firmware versions of these devices.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAzure Access Blu Ic2
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic2 Firmware
OSAzure-Access< 1.20Azure Access Blu Ic4
HWAzure-Accesswszystkie wersjeAzure Access Blu Ic4 Firmware
OSAzure-Access< 1.20
Related vulnerabilities
Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4
Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4
Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4
Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4
Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4