It's the post-Valentine's Day haze! And to express our appreciation for you, we thought we'd dispense with the standard flowers-and-chocolates CVE treatment and go with something really special: a vuln so unique it glows in the dark. It's a remote command injection vulnerability in FLIR AX8 thermal imaging cameras, which provide continuous temperature monitoring and alarming to protect electronic and mechanical equipment.

For February's Vuln of the Month, then, we're giving you CVE-2022-37061.

This vulnerability exists in FLIR AX8 cameras up to and including version 1.46.16. A successful exploit can allow attackers to execute arbitrary commands, which could lead to compromised thermal monitoring and possible outages, service interruptions, and equipment failure. Our research shows that CVE-2022-37061 meets many of the criteria we look for to be exploited, including:

Authentication/privilege requirements: None

CVE-2022-37061 earns a Kenna Risk Score of 94. CVSS 3.X scores it at 9.8 or Critical (we would agree). For once, CVSS and the Kenna Risk Score are in alignment. It doesn't happen often, but when it does, we call it out.

The FLIR AX8 has been on the market since 2014, protecting data centers, power plants, manufacturing facilities, storage facilities, engine rooms, maritime equipment, and more. The unit combines sensitive infrared temperature sensors with camera technology to provide visual monitoring of thermal conditions with equipment, setting off alarms when temperatures fall outside set parameters.

CVE-2022-37061 is uniquely risky because this camera is vital to ensuring that physical systems and equipment continue to operate safely and securely, and successful exploits can lead to the FLIR AX8 being corrupted and possibly disabled.

In many cases, these are systems that human beings rely on for their own comfort and safety. For instance, the cameras can alert operators to equipment that's overheating or if fire breaks out. FLIR even found a new market for the product in recent years: yacht owners, who have suffered an increase in fires due to lithium-ion battery explosions. At around $1,000, it's not a cheap gadget, but neither are the things it's designed to protect.

It's also a risk because IoT equipment (and operational technology) often isn't managed as carefully or prioritized as highly as computer systems and applications. That itself is a potentially serious risk to certain operations. Which is why affected organizations should remediate CVE-2022-37061 ASAP.

To illustrate the point even further, we've cooked up a special Vuln of the Month movie scene just for you. (Consider it a post-Valentine's Day gift!)

EXTERIOR, POWER PLANT REAR ENTRANCE, NIGHT

Two men in black sweaters and ski hats huddle over a laptop inside an unmarked van.

"Okay, I'm on the network! Let me override the FLIR cameras real quick."

"It's not working! I can't get control of those cameras!"

"Gah! They must use Kenna, the leader in risk-based vulnerability management…and they probably read that Vuln of the Month blog."

FBI agents bust through the rear doors and arrest the hackers.

Bottom line: a remotely exploitable, low-complexity vuln that requires no authentication, can lead to serious availability impacts, and has proof-of-concept code published with active exploits. If your organization uses these cameras, it's time to add CVE-2022-37061 to your fix list.

While we've been unable to find online remediation guidelines or a relevant vendor advisory from Teledyne FLIR, we contacted the vendor directly and received a link to a firmware patch that their support staff says will resolve the vulnerability:

Once downloaded and unpacked, the ZIP file includes directions on how to update FLIR AX8 firmware. Alternatively, you can reach FLIR tech support by phone.

Watch this space for regular Vuln of the Month spotlights, which appear on the second Tuesday of each month. Meanwhile, if you find yourself chasing new and emerging vulns but never quite catching up, learn more about how Kenna Security can help you focus on your highest-risk vulnerabilities, rather than headlines, thanks in part to our vulnerability intelligence powered by machine learning.

As you retards might have heard, the rumor started that Facebook and Allianz are now throwing $$ at Palantir by incorporating Foundry into their business. Now, since you all can't speak any language besides English, due to gambling your little life savings away while watching Dora the Cuck, I've web-scraped many online job portals to find even more newly created jobs with Palantir knowledge as a requirement. I had to endure reading Spanish and German job posts, so you know this shit is legit. If you don't believe me, look into the URLs I pasted in the comments.