CVE-2018-8862

Vulnerability

ATI Systems Emergency Mass Notification Systems (models HPSS16, HPSS32, MHPSS, and ALERT4000) contain an improper authentication vulnerability (CWE-306) [1]. Specially crafted malicious radio transmissions can bypass authentication mechanisms, allowing an attacker to send unauthorized commands to the system. The vulnerability is present in all listed models and can be exploited remotely over radio frequencies.

Exploitation

An attacker needs only a radio transmitter within range of the target system. No authentication or prior access is required. By crafting and sending specific radio packets that mimic legitimate command traffic, the attacker can trigger actions on the system. The attack vector is adjacent network (radio) with high attack complexity due to the need for precise packet crafting [1].

Impact

Successful exploitation allows an attacker to remotely trigger false alarms on the affected emergency notification system. This results in a high integrity impact, as the system's alarm functionality is compromised, potentially causing unnecessary evacuations, panic, or disruption of operations. No confidentiality or availability impact is noted [1].

Mitigation

ATI Systems has developed a patch that adds additional security features to command packets sent over the radio; the patch is available upon request after testing [1]. As a longer-term mitigation, ATI recommends replacing simple voice radios with digital P-25 (APCO) radios that provide encrypted links [1]. Users should contact ATI for patch availability and assess upgrade suitability for their specific systems.