Last week, Primex Wireless was made aware of yet another serious vulnerability discovered in the global IT community. The Bash Code Injection Vulnerability, commonly known as "Shellshock", is very serious and parallels the recent “Heartbleed” security threat in terms of scope and potential risk.
Shellshock is a vulnerability in a commonly used system level software known as Bash, and is used by many Linux-based business systems. It is the shell for CentOS, the Linux-based operating systems used by the Primex Wireless AMP software. With this vulnerability, a hacker could execute arbitrary commands on a machine running the Bash software to obtain private data or manipulate the system.
Primex Wireless Response
We take these threats very seriously, and regard our customers' data integrity and network security among our highest concerns. As is often the case with vulnerabilities such as this one, patches have been released by operating system suppliers that must be applied to secure the software. We have applied the appropriate patches to all Primex hosted AMP 5.x servers to protect our customers using this newest deployment option. No action is required by customers using our hosted AMP 5.x software.
- Customers with AMP 5.0 or newer installed on the LAN-side of their networks are encouraged to obtain the latest operating system updates from CentOS.
- Customers running older versions of AMP software (4.x or older) will first need to upgrade to AMP 5.x, and then apply necessary operating system patches.
- Other Primex devices such as clocks and sensors do not require updates.
We are here to help! If you have additional concerns or questions, please contact Primex Wireless technical support, or feel free to call us at 1-800-404-8112.