[KBA-79137] Critical vulnerability update for RabbitMQ
A critical vulnerability has been identified in some Genetec products that use the RabbitMQ message broker, a third-party component, to communicate with each other.
The vulnerability might put affected products at risk by allowing malicious actors to bypass the authentication process and impersonate other users. This can occur when the server is configured to use TLS or DTLS authentication.
- Mission Control 3.1.0.x
- Mission Control 18.104.22.168 - 3.0.5.x
- Mission Control 22.214.171.124 - 2.13.4.x
- Mission Control 126.96.36.199 - 188.8.131.52
- Mission Control 2.11 GA and SR1
- Airport Operational Manager (AOM) 1.3 - 1.4
- Industrial IoT 184.108.40.206 - 220.127.116.11
- Inter-System Gateway (IS Gateway) 1.0 - 1.1
- Restricted Security Area (RSA) Surveillance 3.4 - 4.2
- Sipelia 2.8 SR1, 2.9 GA, and 2.10 GA
This issue, identified as CVE-2022-37026, originates from a bug in Erlang/OTP, which is used by the RabbitMQ message broker.
- Sipelia: Upgrade Sipelia to version 2.12 GA, available from the GTAP Product Download page.
- All other affected products: Upgrade RabbitMQ to version 18.104.22.168, available from the GTAP Product Download page.
IMPORTANT: If you are running Genetec Mission Control™ 2.11 GA or SR1, or 22.214.171.124 - 126.96.36.199, manually restart the Genetec™ Server service after the upgrade.
The new RabbitMQ installer enforces a strong password policy, which might require updating your password.
This issue will be resolved in the next releases of the affected products.