virus logo Threat Signal Report

Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256)

Description

What is the vulnerability? Cyber threat actors are actively targeting Linear eMerge E3-Series to exploit a 5-year-old critical vulnerability. The vulnerability tracked as CVE-2019-7256 is a command injection flaw that could allow an attacker to cause remote code execution and full access to the system. The Nice Linear eMerge E3-Series is a popular access control system used in various commercial and industrial environments worldwide which underscores the importance of the potential widespread impact of this vulnerability.
What is the recommended Mitigation? Nice has released a security bulletin that advises users to apply the latest firmware to mitigate the risk and recommends defensive measures to minimize the risk of exploitation. https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf
What FortiGuard Coverage is available? FortiGuard Labs has an existing IPS signature "Linear.eMerge.card_scan_decoder.php.Command.Injection" to block any attack attempts targeting the vulnerability and has an OT virtual patch available for auto-patching.
Fortinet customers remain protected by the vulnerability; however, it is recommended to apply firmware patches released by the vendor to mitigate any risks.

Telemetry

Appendix

Nice (Security Bulletin)


Date Mar 26, 2024
CVE ID CVE-2019–7256
Threat/
Vulnerability		 Vulnerability
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services