Critical security vulnerability in zebNet products discovered

Published on: 20 February 2022 14:30

On February 18, 2022, a critical security vulnerability was discovered in various zebNet products.

Due to missing and/or insufficient encryption measures in the affected products, a man-in-the-middle attack (MITM) might be possible within the update process of the affected applications.

As a result of this vulnerability, an attacker could theoretically infiltrate the customer system and execute arbitrary code with administrator privileges by manipulating the update process of the affected product.

On February 19, 2022, within a response time of less than 24 hours, zebNet released bug fixed versions for all affected products that are currently under support. Customers that are using an affected product are urgently advised to immediately install the bug fixed version.

Among other things, the bug fixed versions contain increased encryption modules and new signature verification procedures that help to avoid similar security vulnerabilities.

Active exploitation of this security vulnerability is not known to zebNet, so this is purely a precautionary measure.

Bug fixed versions of the affected products are available for download at:
https://www.zebnet.co.uk/support/downloads

List of affected products: