JNC IAQS and I6 Client-Side Enforcement of Server-Side Security Vulnerability Granting Administrator Privileges
Vulnerability
A client-side enforcement of server-side security vulnerability has been identified in JNC's IAQS and I6 products. It enables unauthenticated remote attackers to manipulate the web front-end and gain administrator privileges. The vulnerability arises because the products rely on client-side validation for security, which allows unauthorized access to administrative functions.
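The weakness class described above, as an added illustration that is not JNC's code and not taken from the advisory: a handler that acts on a client-sent privilege flag, beside one that authorizes from server-held session state. The handler names, the `isAdmin` field, the `x-session-token` header and the tokens are hypothetical; the advisory does not describe the products' actual request format.

```javascript
// Added illustration of the weakness class. All names are hypothetical and
// do not describe JNC's actual code or request format.

// Server-side session store: the only source of truth for identity and role.
// Tokens below are constructed sample values.
const sessions = new Map([
  ['tok-admin-constructed', { user: 'alice', role: 'admin' }],
  ['tok-viewer-constructed', { user: 'bob', role: 'viewer' }],
]);

// Weak pattern: the server acts on a privilege claim carried in the request.
// The front-end may hide the admin UI, but the request body is client-controlled.
function handleSettingsInsecure(req) {
  if (req.body.isAdmin === true) {
    return { status: 200, body: 'settings updated' };
  }
  return { status: 403, body: 'forbidden' };
}

// Hardened pattern: ignore client-asserted privilege, authenticate the session,
// and authorize from server-held state on every administrative request.
function handleSettingsHardened(req) {
  const session = sessions.get(req.headers['x-session-token']);
  if (!session) {
    return { status: 401, body: 'authentication required' };
  }
  if (session.role !== 'admin') {
    return { status: 403, body: 'forbidden' };
  }
  return { status: 200, body: 'settings updated' };
}

// Constructed sample requests.
const forged = { headers: {}, body: { isAdmin: true } };
const viewer = {
  headers: { 'x-session-token': 'tok-viewer-constructed' },
  body: { isAdmin: true },
};
const admin = { headers: { 'x-session-token': 'tok-admin-constructed' }, body: {} };

for (const [name, req] of Object.entries({ forged, viewer, admin })) {
  console.log(name,
    'insecure:', handleSettingsInsecure(req).status,
    'hardened:', handleSettingsHardened(req).status);
}
```

The hardened handler never reads `isAdmin`, so the same request that the weak handler accepts is rejected before any administrative action runs.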
Impact
Exploitation of this vulnerability allows unauthenticated remote attackers to gain administrator privileges, potentially leading to unauthorized changes in system settings or access to sensitive information.
Remediation
JNC has released a patch for devices using the M4 chip. However, devices with the M3 chip do not support the update, and replacing them is recommended. Users should contact the vendor to confirm which chip their device uses and take appropriate action.
