Avigilon: vulnerabilità CVE-2022-26809

Recentemente una vulnerabilità nel protocollo RPC di Microsoft è stata divulgata pubblicamente (CVE-2022-26809).

La vulnerabilità può avere un impatto sulle workstation, HDVA e NVR Avigilon che eseguono Windows.

Di seguito il comunicato ufficiale di Avigilon:

“Recently, a vulnerability with Microsoft’s Remote Procedure Call runtime (RPC) was publicly disclosed (CVE-2022-26809). According to our assessment, the vulnerability may impact Avigilon Workstations, HDVAs and NVRs that are running Windows. It is recommended that customers follow the Microsoft advisory and apply the April 2022 security updates from Microsoft to their Avigilon recorders and workstations as soon as possible. Motorola Solutions does not provide any warranty related to Microsoft’s product or security updates.

Please note that the analysis and recommendations contained in this letter are intended as suggested guidelines and for informational purposes only. Motorola Solutions does not guarantee, and disclaims all warranties, that any of its products are immune from a potential cyber attack. Adhering to any of the advice contained in this letter may still result in a virus infecting your Avigilon product. In general, Motorola Solutions recommends keeping all software and firmware up to date as best practice from an information security perspective.

We are committed to protecting our customers, and while we continue to conduct ongoing investigations, we will keep our customers informed as further information becomes available.“