External risk intelligence

Kramer VIA Devices Remote Code Extraction Vulnerability

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2023-33468

The affected products are KramerAV VIA collaboration and presentation devices, which are frequently deployed in conference rooms and meeting spaces as network-accessible appliances to facilitate wireless connectivity, screen sharing, and remote collaboration, often placing them in reachable network segments.

Kramerav Via Go2 Firmware

before 4.0.1.1326

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A remote manipulation vulnerability exists in certain KramerAV VIA collaboration and presentation devices, allowing unauthorized access to connection confirmation codes. This could potentially lead to unauthorized control and access to network resources.

  • Remote code extraction without physical access.
  • Enables unauthorized control of collaboration devices.
  • Confirm device relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker can remotely target KramerAV VIA Connect and VIA Go devices that are exposed to the network. By exploiting this vulnerability, an attacker can bypass the need to physically obtain a connection confirmation code, potentially leading to unauthorized remote control and manipulation of the device.

  • No specific access required.
  • Remotely bypass confirmation code.
  • Full device manipulation risk.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated remote attacker to bypass connection confirmation steps, potentially leading to unauthorized access to shared content or control of the device's presentation functions when the device is accessible over a network.

  • Presentation device connection confirmation.
  • Remotely extract confirmation code.
  • Unauthorized access to shared content.

Operational Fix

Recommended remediation, mitigation, and detection steps

Remote manipulation of KramerAV VIA Connect and VIA Go devices is likely a concern for the platform or infrastructure teams responsible for collaboration and meeting room technology. The first practical step is to identify all instances of these devices, assess their network reachability and business criticality, and then determine the accountable owner for remediation.

  • Platform or infrastructure teams should own the issue.
  • Verify device network exposure and criticality.
  • Plan remediation or vendor coordination.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is KramerAV VIA Connect and VIA Go?

These are collaboration and presentation devices used in conference rooms and meeting spaces. They enable wireless screen sharing and remote collaboration by acting as network-accessible appliances that bridge physical meeting room displays with user devices.

What does CWE-863 mean for CVE-2023-33468?

CWE-863 refers to Incorrect Authorization. In the context of this CVE, it means the device fails to properly verify if a user has the right to access specific functions. An attacker can bypass authorization controls to remotely retrieve the connection confirmation code, which is normally only visible to those physically present in the room.

How does an attacker trigger this vulnerability?

An attacker triggers this by sending unauthorized network requests to the device. The vulnerability specifically allows them to extract the connection confirmation code remotely. It is important to note that this flaw does not require the attacker to have physical access to the room or be in visual range of the device's display screen to obtain the code.

Is my device at risk if it is not on the public internet?

Halo Surface Signal indicates these devices are frequently deployed in reachable network segments within organizations. While internet-facing devices are at the highest risk, any device accessible within your internal network is a potential target, as an attacker who has gained a foothold in your local network can reach these collaboration appliances.

What should I do to address this issue?

Start by identifying all instances of VIA Connect and VIA Go devices within your infrastructure. Determine which devices are reachable over the network and verify their current firmware versions. If a device is running a version earlier than 4.0.1.1326, coordinate with your internal team or vendor representative to plan for the necessary firmware update to remediate the vulnerability.

References