PT-2023-25670 · Kratos · Kratos Ngc Indoor Unit

Paul Noalhyt · Published 2023-07-18 · Updated 2023-07-28 · CVE-2023-36669

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Kratos NGC Indoor Unit (IDU) versions prior to 11.4

Description

The issue allows remote attackers to obtain arbitrary control of the IDU/ODU system due to missing authentication for a critical function. Attackers with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) by sending crafted TCP requests to the IDU.

Recommendations

For versions prior to 11.4, update to version 11.4 or later to resolve the issue. As a temporary workaround, consider restricting layer-3 network access to the IDU to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-36669

Affected Products

Kratos Ngc Indoor Unit