PTZ Cameras

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, spotlighting security flaws in Pan-Tilt-Zoom (PTZ) cameras.

The vulnerabilities, which affect specific PTZOptics camera models, pose a considerable risk to organizations that rely on these devices for surveillance, live streaming, and conference automation.

These flaws could be leveraged by malicious actors to execute OS command injections or bypass authentication controls, exposing sensitive systems to potential breaches.

Vulnerabilities in PTZOptics Cameras: CVE-2024-8956 and CVE-2024-8957

The two vulnerabilities—CVE-2024-8956 and CVE-2024-8957—affect the PT30X-SDI/NDI series of PTZ cameras from PTZOptics. These devices, which are also embedded in various white-label AV equipment, are vulnerable to critical security flaws that could allow attackers to gain unauthorized access and execute arbitrary commands. Here’s an overview of each vulnerability:

  1. CVE-2024-8956: Authentication Bypass Vulnerability

  1. CVSS Score: 9.1 (Critical)
    1. Description: This authentication bypass vulnerability affects the PTZOptics PT30X-SDI and PT30X-NDI-xx-G2 cameras running versions prior to 6.3.40. Due to improper authorization, attackers can remotely access the cameras without authentication. This allows them to leak sensitive data, including usernames, password hashes, and device configuration details. Additionally, attackers can modify or overwrite the configuration files, compromising the system’s integrity.

    1. Impact: The vulnerability provides attackers with the ability to access critical configuration files and potentially disrupt operations by altering camera settings.

  • CVE-2024-8957: OS Command Injection Vulnerability
    • CVSS Score: 9.8 (Critical)
    • Description: This OS command injection vulnerability arises from insufficient validation of the ntp_addr configuration value in the PTZOptics cameras. When the ntp_client service is started, the flaw allows remote attackers to execute arbitrary commands on the affected devices. When combined with the previous authentication bypass vulnerability (CVE-2024-8956), an attacker could leverage both vulnerabilities to perform even more damaging actions, such as executing malicious commands remotely.

    • Impact: Attackers can exploit this flaw to compromise the camera’s operating system, potentially allowing them to gain full control over the device and even spread their attack within a network.

CISA’s Action: Immediate Attention Required

PTZ cameras are widely used across various industries for surveillance, broadcasting, and remote monitoring, making them a prime target for cybercriminals. The authentication bypass vulnerability and OS command injection vulnerability in these cameras represent frequent attack vectors for malicious cyber actors, who often exploit such flaws to gain unauthorized access, exfiltrate sensitive data, or even take control of critical systems.

Organizations that utilize PTZ cameras in their infrastructure are strongly advised to patch these vulnerabilities immediately to mitigate potential security risks. The vulnerabilities disclosed in PTZOptics cameras are part of a broader trend of vulnerabilities in Pan-Tilt-Zoom (PTZ) cameras, which have increasingly become targets for attackers due to their prevalence in critical systems. OS command injection vulnerabilities and authentication bypass vulnerabilities in cameras expose organizations to severe security risks, especially when these devices are connected to the internet without proper safeguards.

PTZ cameras, like many IoT devices, often operate with limited built-in security measures. These devices typically have embedded software and firmware that can be vulnerable to attack, especially when manufacturers fail to release timely security updates. Additionally, the growing use of white-label AV equipment based on third-party camera firmware further complicates the security landscape, as these devices may not receive adequate vendor support.

Both CVE-2024-8956 and CVE-2024-8957 are acknowledged by ValueHD Corporation, the vendor behind the PTZOptics camera models. The company has released a patch for the affected camera models to address these vulnerabilities. Customers using PTZOptics PT30X-SDI and PTZOptics PT30X-NDI-xx-G2 cameras should immediately upgrade to version 6.3.40 or later to prevent exploitation.

Recommendations and Mitigating for PTZ Camera Vulnerabilities

To address the risks by vulnerabilities in PTZ cameras, organizations should implement several best practices to protect their systems from potential exploitation:

  1. As soon as a vendor releases a patch addressing critical vulnerabilities like authentication bypass or OS command injection, organizations should prioritize its installation. Delays in patching can expose devices to active attacks.
  2. Critical devices, including PTZ cameras, should not be exposed directly to the internet. Organizations should segment their networks to isolate critical assets and use firewalls and access controls to limit exposure.
  3. Implementing a patch management process that includes inventory management, patch assessment, testing, and deployment can help ensure that vulnerabilities are addressed in a timely manner across the entire infrastructure.
  4. Organizations should have a clear and tested incident response plan in place to quickly detect, respond to, and recover from security incidents. This plan should be aligned with current threat landscapes and should include procedures for addressing vulnerabilities like those found in PTZ cameras.
  5. Continuous monitoring and logging are essential for identifying suspicious activity and detecting potential threats. Security Information and Event Management (SIEM) systems can help aggregate and correlate logs for real-time threat detection.
  6. Organizations should assess the criticality of any End-of-Life (EOL) products, including PTZ cameras, and plan for timely upgrades or replacements. Using outdated devices increases the risk of exploitation, as they may no longer receive security patches.

Conclusion

The critical vulnerabilities in PTZ cameras, including the OS command injection and authentication bypass vulnerabilities, highlight the importance of securing embedded devices used in modern enterprise environments.

As PTZ camera vulnerabilities become a vector for cyberattacks, organizations must act quickly to patch affected devices and adopt stronger security practices. Timely patching, network segmentation, and comprehensive monitoring are key to protecing systems against the growing threat posed by such vulnerabilities in Pan-Tilt-Zoom cameras.

With active exploitation of these vulnerabilities in the wild, organizations that rely on PTZ cameras should prioritize security assessments and patch management to protect sensitive data and maintain system integrity.

Sources: https://ptzoptics.com/firmware-changelog/

https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog

The post Critical Vulnerabilities in PTZ Cameras: CISA Adds New Exploits to Its Catalog appeared first on Cyble.