Forescout warns of DTEN ‘vulnerabilities’
Forescout Resarch Labs has claimed that it has discovered multiple vulnerabilities in DTEN D5 and D7 conferencing and collaboration systems, highlighting five unique vulnerabilities on enterprise networks that pose a risk to sensitive data within conferencing and collaboration systems.
Researchers at Forescout Research Labs identified data exposure as a potential vulnerability, with PDF files of shared whiteboards and sensitive files such as OTA updates reportedly being stored in a publicly accessible AWS S3 bucket which lacks TLS encryption.
Unauthenticated web servers were also highlighted by the researchers, with a web server running Android OS on port 8080 disclosing all whiteboards stored locally on a device.
Unauthenticated root shell access through Android Debug Bridge could also lead to arbitrary code execution and system administration in addition to full administrative access and a ‘covert’ ability to capture Windows host data from Android, including Zoom meeting content including audio, video and screenshare.
The report stated: “While systems like the DTEN D7 video conferencing solution facilitate better collaboration across geographies and allow teams to become truly global, enterprises need to be mindful of the risks these emerging devices can present on enterprise networks, as well as how the sensitive data they handle is protected on the devices, in the cloud and in transit. In this case, sensitive data included both live meetings and saved artifacts like conversations, recordings, notes, and interactive whiteboards.”
Forescout Rearch Labs disclosed the vulnerability information in accordance with its ‘Forescout vulnerability disclosure policy’ and is working with DTEN to recommend and verify fixes.
DTEN is urging its customers to upgrade their products, with firmware upgrades now available from DTEN that address the vulnerabilities. Update 1.2.3 addresses vulnerabilities on the DTEN D5, with update 1.3.5 available to resolve issues on the DTEN D7.
The report added: “A vulnerable smart collaboration system could provide an open gateway for an attacker to move laterally and compromise an enterprise’s infrastructure and database. Or it could enable a malicious actor to engage in corporate espionage to listen in or watch conference boardrooms and executive offices without detection by the victim organisation. A malicious actor would then be able to remotely eavesdrop without being detected by the victim organisation
"As IoT devices like these become more pervasive in the enterprise, organisations need to carefully consider the security implications and take the necessary risk mitigation steps."