Prima FlexAir, an access control platform developed by Prima Systems, was found to have a string of security vulnerabilities. The flaws were discovered by security researcher Gjoko Krstic of Applied Risk. The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding the security issues in FlexAir. A total of nine flaws were detailed in the advisory by CISA.
What is the impact?
In the advisory, CISA describes the risks of exploitation due to these flaws. “Exploitation of these vulnerabilities may allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user’s browser, discover login credentials, bypass normal authentication, and have full system access,” reads the advisory.
The agency has advised users to update to versions 2.5.12 and has also recommended measures to reduce exploitation.