Kratos Security Advisory: CVE-2022-38156

Synopsis

SpectalNet Security Update

Type/Severity

Security Advisory / CAT II High CVSS Score of 8.5

Description

SpectralNet Narrowband (NB) versions prior to 1.7.5 contain a bug that can be exploited to result in remote authenticated privilege escalation and code execution. Successful exploitation requires valid login credentials.

Solution

Changing default login credentials and using strong passwords are effective mitigations. The issue is resolved in SpectralNet Narrowband (NB) version 1.7.5 or above.

Affected Products

SpectralNet Narrowband (NB) versions 1.7.4 and below.

Fix

Upgrade to SpectralNet Narrowband (NB) version 1.7.5 or above. This product release includes an important security update with a severity rating of "High". Kratos recommends following industry best practice of changing default login credentials and using strong passwords, which is an effective mitigation for prior product releases.

Credit/Discoverer

Paul Noalhyt, Red Balloon Security