
Garrett walk-through metal detectors can be remotely manipulated
2021-12-21 15:23

Two widely used walk-through metal detectors made by Garrett are vulnerable to many remotely exploitable flaws that could severely impair their functionality, thus rendering security checkpoints deficient.

Garrett is a well-known US-based manufacturer of hand-held and walk-through metal detectors commonly deployed in security-critical environments such as sports venues, airports, banks, museums, ministries, and courthouses.

Security researchers at Cisco Talos have discovered numerous vulnerabilities that could allow attackers to execute commands or read/modify information on the Garrett iC Module version 5.0, the component that provides network connectivity to the Garrett PD 6500i and Garrett MZ 6100.

CVE-2021-21902 - Authentication bypass vulnerability in the CMA run server of the iC Module, enabling a threat actor to launch a properly-timed network connection through a sequence of requests, leading to session hijacking.

Admins of Garrett walk-through metal detectors are urged to upgrade their iC Module CMA software to the latest available version to resolve these vulnerabilities.

BleepingComputer has reached out to Garrett to learn more about the impact of these vulnerabilities but has not heard back.


News URL

https://www.bleepingcomputer.com/news/security/garrett-walk-through-metal-detectors-can-be-remotely-manipulated/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-21902 | Improper Authentication vulnerability in Garrett IC Module CMA 5.0. An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. (network, high complexity, garrett, CWE-287) | 8.1 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Garrett | | 2 | 0 | 2 | 6 | 1 | 9 |