A high-severity vulnerability has been identified in multiple Primakon products utilizing the Pi Portal 1 component. This flaw allows an unauthenticated remote attacker to execute arbitrary code on the underlying server, potentially leading to a full system compromise, data theft, and service disruption. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this critical risk.

This vulnerability is an unauthenticated remote code execution (RCE) flaw within the Primakon Pi Portal 1. The vulnerability exists due to improper input validation in a core API endpoint responsible for handling data processing. An unauthenticated attacker can send a specially crafted HTTP request to this endpoint, which allows them to execute arbitrary commands on the server with the privileges of the web application service account. Exploitation does not require any user interaction and can be achieved with network access to the vulnerable portal.

This is a high-severity vulnerability with a CVSS score of 8.8. Successful exploitation could have a significant negative impact on the business. An attacker could gain complete control over the affected server, leading to the theft of sensitive corporate or customer data (breach of confidentiality), unauthorized modification or deletion of critical information (loss of integrity), and the ability to render the portal and associated services unavailable (denial of service). The specific risks include regulatory fines from data breaches, reputational damage, financial loss, and major disruption to business operations that rely on the affected Primakon products.

Immediate Action: The primary and most effective mitigation is to apply the security updates provided by Primakon across all affected systems immediately. After patching, it is critical to review access logs and system logs for any signs of compromise that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring on affected systems. Security teams should look for unusual HTTP requests to the portal's API endpoints, unexpected processes being spawned by the web server's user account (e.g., cmd.exe, powershell.exe, /bin/sh), and anomalous outbound network connections from the portal servers to unknown IP addresses.

Compensating Controls: If patching cannot be performed immediately, implement the following compensating controls:

• Deploy a Web Application Firewall (WAF) with rules specifically designed to block the malicious request patterns associated with this vulnerability.
• Restrict network access to the vulnerable portal, limiting exposure to only trusted IP ranges or requiring VPN access.
• Increase logging levels for the application and underlying server to better detect and respond to exploitation attempts.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the risk of unauthenticated remote code execution, this vulnerability represents a critical threat to the organization. We strongly recommend that the vendor-supplied patches be applied as an emergency change. All internet-facing instances of the Primakon Pi Portal should be considered the highest priority for remediation. Although this vulnerability is not yet on the CISA KEV list, its severity warrants immediate attention to prevent potential exploitation and system compromise.