Web Application FirewallGrandstream.Devices.Invalid.Phonecookie.Command.Injection
Description
This indicates an attack attempt to exploit a Command Execution vulnerability in multiple Grandstream devices.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.
Outbreak Alert
Zerobot is a Go-based botnet that spreads primarily through IoT and web application vulnerabilities. According to Fortinet research analysis the most recent distribution of Zerobot includes additional capabilities such a new DDoS attack capabilities and exploiting Apache vulnerabilities.
Affected Products
Grandstream GAC2500 1.0.3.35
Grandstream GXP2200 1.0.3.27
Grandstream GVC3202 1.0.3.51
Grandstream GXV3275 before 1.0.3.219 Beta
Grandstream GXV3240 before 1.0.3.219 Beta
Impact
System Compromise: Remote attackers can gain control of vulnerable system.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.grandstream.com/
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-01-20 | 1.00040 |
CVE References
CVE-2019-10655| ID | 1002017282 |
| Created | Jan 20, 2023 |
| Updated | Jan 20, 2023 |
| Outbreak Alert | Zerobot Attack |
| Risk |
|
| Default Action | drop |
| Active | |
| Affected OS | Other |
| Affected App | Other |