CVE-2022-40187 - OpenCVE

Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Foresightsports	Gc3 Launch Monitor Gc3 Launch Monitor Firmware
Bushnellgolf	Launch Pro Firmware Launch Pro

Configuration 1 [-]

AND

cpe:2.3:o:foresightsports:gc3_launch_monitor_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:foresightsports:gc3_launch_monitor:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bushnellgolf:launch_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bushnellgolf:launch_pro:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md	Exploit Third Party Advisory
https://wiki.eclipse.org/TCF	Third Party Advisory
https://www.bushnellgolf.com/products/launch-monitors/launch-pro/	Product
https://www.foresightsports.com/gc3	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-13T00:00:00

Updated: 2022-10-13T00:00:00

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-40187

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-13T01:15:19.617

Modified: 2022-10-14T19:59:36.943

Link: CVE-2022-40187

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:foresightsports:gc3_launch_monitor_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B919A869-4D32-4730-A782-9CC2D6FA251F", "versionEndExcluding": "1.5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:foresightsports:gc3_launch_monitor:-:*:*:*:*:*:*:*", "matchCriteriaId": "0149ED07-40ED-4304-931D-FC65534124BB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bushnellgolf:launch_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12E2865A-DE4E-4F10-ADFC-5C748E766DCC", "versionEndExcluding": "1.5.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bushnellgolf:launch_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "724A14ED-DD11-4B9E-BDBF-A4C3AEA1CDE9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless access point and the known passphrase of FSSPORTS, an attacker could use this service to modify a device and steal intellectual property."}, {"lang": "es", "value": "Foresight GC3 Launch Monitor versi\u00f3n 1.3.15.68, es enviado con un servicio Target Communication Framework (TCF) habilitado. Este servicio escucha en un puerto TCP en todas las interfaces y permite una depuraci\u00f3n de procesos, la modificaci\u00f3n del sistema de archivos y el acceso al terminal como usuario root. Junto con un punto de acceso inal\u00e1mbrico alojado y la frase de contrase\u00f1a conocida de FSSPORTS, un atacante podr\u00eda usar este servicio para modificar un dispositivo y robar propiedad intelectual"}], "id": "CVE-2022-40187", "lastModified": "2022-10-14T19:59:36.943", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-13T01:15:19.617", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0003.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wiki.eclipse.org/TCF"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.bushnellgolf.com/products/launch-monitors/launch-pro/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.foresightsports.com/gc3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}