FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fast_library.cpp creates a boost::asio::ssl::context with tls_client mode and calls set_default_verify_paths() to load CA certificates, but never calls set_verify_mode(boost::asio::ssl::verify_peer). Without this call, OpenSSL performs the TLS handshake without validating the server's certificate chain, making all HTTPS connections vulnerable to man-in-the-middle attacks. This function is used for telemetry reporting to community-stats.fastnetmon.com, which sends system information including CPU model, kernel version, traffic statistics, and software configuration. An attacker can intercept and modify this data or redirect it to a malicious server.
FastNetMon Community Edition fails to verify TLS certificates on outbound HTTPS connections, allowing man-in-the-middle attacks on telemetry data transmission. The vulnerability affects versions through 1.2.9 and exposes sensitive system information including CPU model, kernel version, and traffic statistics.
FastNetMon Community Edition fails to verify TLS certificates on outbound HTTPS connections, allowing man-in-the-middle attacks. The vulnerability affects versions through 1.2.9 and exposes sensitive system information, including CPU model, kernel version, and traffic statistics. Attackers can intercept and modify telemetry data or redirect it to a malicious server.
FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections, enabling man-in-the-middle attacks. Telemetry data containing system information, CPU model, kernel version, and traffic statistics can be intercepted and modified by attackers.
Upgrade FastNetMon Community Edition to version 1.3.0 or later. Call set_verify_mode(boost::asio::ssl::verify_peer) on the SSL context in the execute_web_request_secure() function. Alternatively, disable telemetry reporting if an upgrade is not immediately possible, and implement network segmentation to restrict outbound HTTPS connections to trusted endpoints only.
Upgrade FastNetMon Community Edition to version 1.3.0 or later. Implement set_verify_mode(boost::asio::ssl::verify_peer) in the execute_web_request_secure() function. Alternatively, if the upgrade is not immediately possible, disable telemetry reporting and implement network segmentation to restrict outbound HTTPS connections to trusted endpoints only.
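The flaw described above is a missing call, so it can be found by source review. The following is an added example, not FastNetMon code: a small audit that flags every locally declared `ssl::context` whose scope never sets `verify_peer`. The helper names (`audit`, `_blank_comments`, `_scope_end`) and both C++ samples are constructed for illustration.

```python
import re

# Constructed C++ samples modelled on the advisory text (not FastNetMon source).
VULNERABLE = """
bool fetch_unverified() {
    boost::asio::ssl::context ctx(boost::asio::ssl::context::tls_client);
    ctx.set_default_verify_paths();
    return true;
}
"""
HARDENED = VULNERABLE.replace("fetch_unverified", "fetch_verified").replace(
    "    return true;",
    "    ctx.set_verify_mode(boost::asio::ssl::verify_peer);\n    return true;")

_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
_DECL = re.compile(r'\bssl::context\s+(\w+)\s*[({]')

def _blank_comments(src):
    """Blank out comments (keeping offsets) so a commented-out call never counts."""
    def repl(m):
        t = m.group()
        return t if t.startswith('"') else re.sub(r'[^\n]', ' ', t)
    return _TOKEN.sub(repl, src)

def _scope_end(code, start):
    """Offset of the brace that closes the block enclosing `start`."""
    depth = 0
    for i in range(start, len(code)):
        depth += (code[i] == '{') - (code[i] == '}')
        if depth < 0:
            return i
    return len(code)

def audit(src):
    """Return (line, variable, finding) for each ssl::context left unverified."""
    code, findings = _blank_comments(src), []
    for m in _DECL.finditer(code):
        name = m.group(1)
        stmt_end = max(code.find(';', m.end()), m.end())
        body = code[stmt_end:_scope_end(code, stmt_end)]
        call = r'\b%s\s*\.\s*set_verify_mode\s*\(([^;]*)\)\s*;' % re.escape(name)
        modes = re.findall(call, body)
        line = code.count('\n', 0, m.start()) + 1
        if not modes:
            findings.append((line, name, 'set_verify_mode never called'))
        elif 'verify_peer' not in modes[-1]:
            findings.append((line, name, 'last set_verify_mode lacks verify_peer'))
    return findings
```

Note that `verify_peer` validates the certificate chain only; in Boost.Asio, matching the certificate to the expected host name additionally requires a verify callback such as `boost::asio::ssl::host_name_verification`.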