Johannes Kruchem

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an insecure `rand()` function call but also because of missing initialization via `srand()`. As a result, only the PIDs are effectively used as seed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Device (affected versions not specified) **Description** The issue allows for unauthenticated code execution via the firmware upgrade function. This occurs because the device directly executes .patch firmware upgrade files from a USB stick without requiring any prior authentication in the admin interface. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rittal IoT Interface & CMC III Processing Unit (affected versions not specified) **Description** The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing `run.sh` script. The signing process is similar to an HMAC with a long string as key, which is hard-coded in the firmware and is freely available for download. This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poly EagleEye Director II versions prior to 2.2.2.1 **Description** The issue allows all API calls to execute as admin without authentication if a certain file exists, which can be created via an rsync backdoor. **Recommendations** For versions prior to 2.2.2.1, update to version 2.2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints to minimize the risk of exploitation. Avoid using API calls that could potentially execute as admin without proper authentication until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Poly Studio versions prior to 3.7.0 **Description** An issue was discovered that allows Command Injection to occur via the `CN` field of a Create Certificate Signing Request (CSR) action. **Recommendations** For versions prior to 3.7.0, update to version 3.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Poly EagleEye Director II versions prior to 2.2.2.1 **Description** An issue was discovered that allows os.system command injection to be achieved by an admin. **Recommendations** For versions prior to 2.2.2.1, update to version 2.2.2.1 or later to resolve the issue. As a temporary workaround, consider restricting admin access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Konica Minolta bizhub MFP devices (affected versions not specified) **Description** The issue concerns an internal Chromium browser in Konica Minolta bizhub MFP devices that executes with root access privileges. This could potentially allow for elevated access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Konica Minolta bizhub MFP devices before 2022-04-14 **Description** The issue allows a Sandbox Escape. To exploit this, an attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. **Recommendations** For Konica Minolta bizhub MFP devices before 2022-04-14, update to a version released after 2022-04-14 to resolve the issue. As a temporary workaround, consider restricting physical access to the devices' USB ports to minimize the risk of exploitation.