FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 307177
Description

Nice Linear eMerge E3-Series is an access control system that is widely used in many environments.

The OS has a command injection vulnerability that allows attackers to perform remote code execution. 

Impacted E3 controller models include E3 Essentials, E3 Elite, and E3 Enterprise (ProControl).

CVE ID

CVE-2019-7256 (https://nvd.nist.gov/vuln/detail/CVE-2019-7256) 

NDR Cloud Detection Rule

FortiNDR Cloud v2024.3+

Detection Rule Name: FortiGuard Outbreak Alert: Linear eMerge E3-Series Exploitation Access Controller Command Injection (CVE-2019-7256)

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook

N/A

Threat hunting 

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for activity related to the “Nice Linear eMerge Command Injection Vulnerability”.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=nice%20linear%20emerge%20attack

Suricata Coverage 

Customers can create custom investigations/detections using the Suricata signatures below:
2029207 → ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Inbound (CVE-2019-7256) 

2029213 → ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Outbound (CVE-2019-7256) 

2033757 → ET EXPLOIT eMerge E3 Command Injection Inbound (CVE-2019-7256) 
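
An added example, not part of the original article or any Fortinet tooling: a Python triage over Suricata EVE JSON alerts that keeps only the three signature IDs listed above and flags hosts that were targeted inbound and also generated outbound attempts. It assumes the standard EVE fields (event_type, src_ip, dest_ip, alert.signature_id) and that the Inbound/Outbound names reflect direction relative to the monitored network; the sample log lines are constructed.

```python
import json
from collections import defaultdict

# Signature IDs listed in this article for CVE-2019-7256.
# Assumption: "Inbound"/"Outbound" describe direction relative to the monitored network.
SIDS = {2029207: "inbound", 2029213: "outbound", 2033757: "inbound"}

# Constructed sample EVE lines (documentation-range IPs, made-up SID 9999999).
SAMPLE_EVE = """\
{"timestamp":"2024-03-01T10:00:00+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2029207}}
{"timestamp":"2024-03-01T10:00:05+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2033757}}
{"timestamp":"2024-03-01T10:02:00+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.50","alert":{"signature_id":2029213}}
{"timestamp":"2024-03-01T10:03:00+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.11","alert":{"signature_id":2029207}}
{"timestamp":"2024-03-01T10:04:00+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.12","alert":{"signature_id":9999999}}
{"timestamp":"2024-03-01T10:04:30+0000","event_type":"flow","src_ip":"192.0.2.12","dest_ip":"203.0.113.50"}
{"timestamp":"2024-03-01T10:05:00
"""

def triage(eve_lines):
    """Return {host_ip: {"inbound": n, "outbound": n}} for the article's SIDs."""
    hosts = defaultdict(lambda: {"inbound": 0, "outbound": 0})
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated line, e.g. cut off by log rotation
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        direction = SIDS.get(event.get("alert", {}).get("signature_id"))
        if direction is None:
            continue  # alert for a signature this article does not list
        # Inbound: the monitored host is the destination. Outbound: it is the source.
        host = event.get("dest_ip") if direction == "inbound" else event.get("src_ip")
        if host:
            hosts[host][direction] += 1
    return dict(hosts)

def priority_hosts(hosts):
    """Hosts with both inbound and outbound hits: review these first."""
    return sorted(h for h, c in hosts.items() if c["inbound"] and c["outbound"])

if __name__ == "__main__":
    summary = triage(SAMPLE_EVE.splitlines())
    for host, counts in sorted(summary.items()):
        print(host, counts)
    print("review first:", priority_hosts(summary))
```

To run it against a sensor's own log, pass the open eve.json file object to triage() in place of the sample lines.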

Other Fortinet Products

For more details on mitigating the vulnerability with Fortinet products, please refer to:
https://www.fortiguard.com/outbreak-alert/nice-linear-emerge-attack
