HERMES42

ALE Security Advisory

MAY 6th – 2024

Vulnerabilities have been discovered in embedded firmware of ALE Phones sets equipped with USB Ports. 

Description of the vulnerabilities:
CVE-2024-29149
This vulnerability allows a bad actor to load a non-ALE firmware, potentially modified, and bypass authentication of the firmware, allowing it to be installed.
CVE-2024-29150
This vulnerability can elevate privileges of an already logged admin up to root level. There is no expected negative effect to users.

 

ALE Has delivered new firmwares for all supported versions listed on the advisory security SA-C0071 Ed 01.

If you need assistance updating your system, please complete the form below.