Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

March 12, 2024 at 07:21AM

Vulnerabilities in Linear building access control products, disclosed in 2019, include a security flaw that has been exploited in attacks. Nortek, the vendor, was slow to address the issues. The vulnerabilities, including CVE-2019-7256, were only fully patched in 2024, after being exploited in the wild. Nice, the acquiring company, released firmware updates to mitigate the issues.

Linear building access control products have been affected by a series of vulnerabilities, with significant implications for both the company and its customers. The vulnerabilities have been exploited in the wild, creating potential security risks, including the possibility of cybercriminals launching DDoS attacks and gaining full system access.

Although patches have been released by Nortek and subsequently by Nice following the acquisition, there have been delays in addressing these security flaws. The vulnerabilities seem to stem from a lack of firewall protection in the deployment of telephone entry systems, causing the exposure of devices to the internet.

Moving forward, it’s essential for the company to prioritize network security, ensure proper firewall protection, and expedite the release of firmware updates to mitigate these vulnerabilities effectively. Additionally, communication with security researchers such as Gjoko Krstic, who initially disclosed the vulnerabilities, should be improved to ensure timely response and collaboration in addressing such security concerns.
