Incorrect Access Control in chirpstack-mqtt-forwarder < v4.2.1 and chirpstack-gateway-bridge < v4.0.11
CVE ID | CVE-2024-29862 |
CVE Link | https://nvd.nist.gov/vuln/detail/CVE-2024-29862 |
Vendor | ChirpStack |
Affected Product & Version | chirpstack-mqtt-forwarder < v4.2.1 |
Vulnerability Type | Incorrect Access Control |
CVSS Base Score / CVSS Vector | NVD: Awaiting Analysis |
Author | Martin Weißbach |
Date | 2024-03-21 |
CVE Details
Description:
Due to a firewall misconfiguration, the Kerlink firewall of chirpstack-mqtt-forwarder and chirpstack-gateway-bridge wrongly accepts TCP packets that use specific TCP source ports. Since the source port of a TCP packet is under the attacker's control, the firewall can be bypassed by setting the source port accordingly, thus allowing access to services behind the firewall.
The issue affects chirpstack-mqtt-forwarder before version 4.2.1 and chirpstack-gateway-bridge before 4.0.11.
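The following script is an added example, not part of the original advisory or of ChirpStack's code. It audits a ruleset for the class of misconfiguration described above: ACCEPT rules that trust a source port without being limited to replies of tracked connections. It assumes the firewall is expressed as iptables rules in `iptables-save` format; the function names, the sample rules and port 12345 are constructed placeholders.

```python
import shlex

SPORT_FLAGS = {"--sport", "--source-port", "--sports", "--source-ports"}
STATE_FLAGS = {"--state", "--ctstate"}

# Constructed sample in iptables-save format; port 12345 is a placeholder,
# not a value taken from the advisory.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12345 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12345 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --sport 12345 -j ACCEPT
COMMIT
"""

def option_value(tokens, flags):
    """Return the argument following the first of `flags`, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in flags:
            return tokens[i + 1]
    return None

def find_source_port_trust(ruleset, chain="INPUT"):
    """Flag ACCEPT rules that trust a source port for new connections."""
    findings = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain]:
            continue  # table headers, policies, other chains
        if option_value(tokens, {"-j", "--jump"}) != "ACCEPT":
            continue
        if option_value(tokens, SPORT_FLAGS) is None:
            continue  # rule does not match on source port
        states = option_value(tokens, STATE_FLAGS)
        allowed = set(states.split(",")) if states else set()
        # Safe only if the rule is limited to replies of tracked connections.
        if allowed and allowed <= {"ESTABLISHED", "RELATED"}:
            continue
        findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in find_source_port_trust(SAMPLE_RULES):
        print("source-port trust:", rule)
```

On a gateway, the output of `iptables-save` can be passed to `find_source_port_trust` in place of the constructed sample.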
Remediation:
The issue is fixed in version 4.2.1 of chirpstack-mqtt-forwarder and in version 4.0.11 of chirpstack-gateway-bridge. However, no IPK is available for chirpstack-gateway-bridge 4.0.11. The author of ChirpStack, Orne Brocaar, recommends moving to chirpstack-mqtt-forwarder instead. The installation instructions can be found in the references below.
References:
- https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6
- https://github.com/chirpstack/chirpstack-mqtt-forwarder/commit/4fa9e6eaaec8c3ca49ebfbf6317572671f17700f
- https://www.chirpstack.io/docs/chirpstack-mqtt-forwarder/install/kerlink.html
Timeline:
2024-03-08: Vulnerability reported to ChirpStack
2024-03-11: Vulnerability was fixed
2024-03-21: CVE published