{"vuid":"VU#767044","idnumber":"767044","name":"Hanvon facial recognition (Face ID) devices do not authenticate commands","keywords":["hanvon","biometric","faceid","cwe-306"],"overview":"Hanvon facial recognition (Face ID) devices possibly running software versions prior to 1.007.110 could allow an unauthenticated attacker to modify user and access control information.","clean_desc":"CWE-306: Missing Authentication for Critical Function It has been reported that Hanvon biometric facial recognition devices running software versions prior to 1.007.110 do not authenticate network connections or API commands. Hanvon devices provide a plain-text management protocol/API on port 9922/tcp. An attacker with network access can connect to devices using telnet or a similar terminal or TCP socket utility, with no authentication. It has been reported the following devices are affected: F710, F810, FA007, FK800, and earlier series. It is possible that all Hanvon facial recognition devices could be affected.","impact":"An unauthenticated attacker with network access to vulnerable devices on 9922/tcp could create, modify, and delete user and access control information. This could allow the attacker to bypass authentication and authorization for physical access or time and attendance tracking.","resolution":"Update It has been reported that this vulnerability has been addressed in software version 1.007.110. Affected users are advised to contact their device provider, integrator, or Hanvon to obtain updated software.","workarounds":"Restrict Access As a general good security practice, only allow connections from trusted hosts and networks. Consider running sensitive access control systems on a separate network.","sysaffected":"","thanks":"Thanks to Kelvin Tan Thiam Teck for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.hanvon.com/En/products/FaceID/technology/index.html","http://www.hanvon.com/en/products/FaceID/products/index.html","http://cwe.mitre.org/data/definitions/306.html"],"cveids":["CVE-2014-2938"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-03-06T16:41:42Z","publicdate":"2014-05-20T00:00:00Z","datefirstpublished":"2014-05-20T15:10:56Z","dateupdated":"2014-05-20T15:10:57Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"tcp","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"C","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"UR","cvss_collateraldamagepotential":"MH","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"H","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:C/A:P","cvss_temporalscore":"6.2","cvss_environmentalscore":"2.0412603677728","cvss_environmentalvector":"CDP:MH/TD:L/CR:ND/IR:H/AR:ND","metric":0.0,"vulnote":null}