Siemens Ruggedcom WIN product Remote Security Restriction Bypass Vulnerability (CVE-2015-1448)

Siemens Ruggedcom WIN product Remote Security Restriction Bypass Vulnerability (CVE-2015-1448)

Release date:
Updated on:

Affected Systems:
Siemens Ruggedcom WIN 72xx
Siemens Ruggedcom WIN 70xx
Siemens Ruggedcom WIN 52xx
Siemens Ruggedcom WIN 51xx
Description:
Bugtraq id: 72521
CVE (CAN) ID: CVE-2015-1448

Siemens Ruggedcom WIN is an efficient and broadband wireless base station User device that complies with IEEE 802.16e standards.

Siemens Ruggedcom WIN51xx device (earlier than ss4.4624.35), WIN52xx device (earlier than ss4.4624.35), WIN70xx device (earlier than BS4.4.4621.32), and WIN72xx device (earlier than kernel, the integrated management service has a remote Security Restriction Bypass Vulnerability. Remote attackers can exploit this vulnerability to bypass the authentication mechanism and perform management operations.

<* Source: vendor

Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
Http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf
*>

Suggestion:
Vendor patch:

Siemens
-------
Siemens has released a Security Bulletin (ssa-753139) and patches for this:
Ssa-753139: Vulnerabilities in Ruggedcom WIN Products
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-753139.pdf

This article permanently updates the link address: