CVE-2025-59092
Unauthenticated RPC Injection in Kaba exos 9300 FSMobilePhoneInterface
Publication date: 2026-01-26
Last updated on: 2026-01-26
Assigner: SEC Consult Vulnerability Lab
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kaba | exos_9300 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an RPC service in the kaba exos 9300 system, specifically the FSMobilePhoneInterface.exe process running on port 4000. The service facilitates communication between internal services and the GUI, sharing status information about Access Managers. However, it does not require any authentication, allowing an attacker to send arbitrary status information, such as door contact statuses, without prior authentication.
How can this vulnerability impact me?
Because the RPC service accepts unauthenticated input, an attacker could manipulate status information related to door contacts and access control. This could lead to false status reports, potentially causing security breaches by misleading the system or operators about the actual state of access points.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by scanning your network for the RPC service running on port 4000, specifically the process FSMobilePhoneInterface.exe associated with the kaba exos 9300 system. Commands such as `netstat -an | find "4000"` on Windows or `ss -tuln | grep 4000` on Linux can help identify whether the port is open. Additionally, checking running processes for FSMobilePhoneInterface.exe can confirm the presence of the vulnerable service.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to port 4000 to trusted hosts only, implementing firewall rules to block unauthorized access, and monitoring for any unauthorized interactions with the FSMobilePhoneInterface.exe service. Since the service does not require authentication, isolating it from untrusted networks is critical until a patch or update is available.
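A scripted form of the port check and the firewall restriction from the two answers above, as an added example that is not part of this entry or the vendor's own tooling. It assumes a Windows host running the exos 9300 services with the built-in NetTCPIP and NetSecurity PowerShell modules (Windows 8 / Server 2012 or later); the function names and the trusted host addresses are placeholders chosen for this example.

```powershell
# Added example, not from the advisory or the vendor. Assumes a Windows host
# running the exos 9300 services with the NetTCPIP and NetSecurity modules
# (Windows 8 / Server 2012 or later); trusted host addresses are placeholders.
$Port        = 4000
$ProcessName = 'FSMobilePhoneInterface'

# Detection: listeners on TCP/4000 joined with their owning process.
function Get-ExosRpcListener {
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress  = $_.LocalAddress   # 0.0.0.0 / :: = reachable on every interface
                ProcessId     = $_.OwningProcess
                ProcessName   = $proc.ProcessName
                AllInterfaces = $_.LocalAddress -in @('0.0.0.0', '::')
            }
        }
}

# Existing enabled inbound rules that open TCP/4000; review these for overly broad scope.
function Get-ExosRpcFirewallRules {
    Get-NetFirewallPortFilter -All |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq $Port } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Select-Object DisplayName, Action, Profile
}

# Mitigation: allow TCP/4000 only from trusted hosts. This relies on the profile's
# default inbound action being Block, so remove any broader allow rule found above.
function Restrict-ExosRpcPort {
    param([string[]]$TrustedHosts = @('192.0.2.10', '192.0.2.11'))  # placeholder addresses
    New-NetFirewallRule -DisplayName "exos 9300 RPC TCP/$Port from trusted hosts" `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -RemoteAddress $TrustedHosts -Action Allow -Profile Any | Out-Null
}

$listeners = Get-ExosRpcListener | Where-Object { $_.ProcessName -eq $ProcessName }
if (-not $listeners) {
    "No $ProcessName listener on TCP/$Port on this host."
} else {
    $listeners | Format-Table -AutoSize
    Get-ExosRpcFirewallRules | Format-Table -AutoSize
    Get-NetFirewallProfile | Select-Object Name, DefaultInboundAction | Format-Table -AutoSize
    if ($listeners | Where-Object AllInterfaces) {
        Write-Warning "$ProcessName accepts unauthenticated RPC on all interfaces; scope TCP/$Port to trusted hosts."
    }
}
```

Run the script first to see the listener and the rules that currently expose the port; call `Restrict-ExosRpcPort` only after confirming the profile's default inbound action is Block and any broad allow rule for TCP/4000 has been removed, since an existing broad allow rule would still admit untrusted hosts.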