Meinberg fixes several Vulnerabilities in LANTIME Firmware – MBGSA-2023.02b
Security Advisory MBGSA-2023.02 has been updated by the vendor. Another not yet CVE-registered vulnerability was closed in the LTOS web interface.
Since the vulnerability can only be exploited by privileged super users, Meinberg rates the severity as low, but recommends an update to firmware version 7.06.013, see updated Meinberg Advisory.
Meinberg have fixed several vulnerabilities related to their NTP Time Server in LANTIME firmware version 7.06.012.
The firmware update includes vulnerabilities in the following libraries:
curl (CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916), OpenSSL (CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286), libexpat (CVE-2022-43680) und sudo (CVE-2023-22809).
We recommend to install the latest firmware on all Meinberg NTP Time Servers of the affected LANTIME series, in accordance with the Meinberg Advisory.
If you have further questions on this matter or if you require support, please contact our Customer Support.