📄 الوصف (الإنجليزية)
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
🤖 ملخص AI
CVE-2020-37042 is a local buffer overflow vulnerability in Frigate Professional 3.36.0.9 affecting the 'Find Computer' feature with a CVSS score of 8.4. An attacker with local access can craft a malicious computer name input to trigger arbitrary code execution. While no public exploit is currently available, the vulnerability poses significant risk to organizations using this software for system management and monitoring.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 24, 2026 13:55
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability primarily impacts Saudi government agencies, financial institutions, and large enterprises using Frigate Professional for IT asset management and network monitoring. High-risk sectors include: Banking (SAMA-regulated institutions managing critical infrastructure), Government (NCA, NCSC, and ministry IT departments), Healthcare (MOH facilities), Energy (ARAMCO and related entities), and Telecommunications (STC, Mobily). Local privilege escalation could lead to lateral movement within critical networks and compromise of sensitive systems.
🏢 القطاعات السعودية المتأثرة
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Large Enterprises with IT Asset Management
🎯 تقنيات MITRE ATT&CK
⚖️ درجة المخاطر السعودية (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:
- Identify all systems running Frigate Professional 3.36.0.9 across your organization
- Restrict local access to systems running vulnerable versions
- Implement application whitelisting to prevent unauthorized code execution
- Monitor for suspicious activity in Frigate Professional logs
2. PATCHING GUIDANCE:
- Upgrade Frigate Professional to version 3.36.1.0 or later immediately
- Test patches in non-production environments first
- Schedule patching during maintenance windows with minimal business impact
3. COMPENSATING CONTROLS:
- Implement strict access controls limiting who can use the 'Find Computer' feature
- Deploy Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)
- Use application sandboxing to isolate Frigate Professional processes
- Enable Windows Defender Exploit Guard on affected systems
4. DETECTION RULES:
- Monitor for abnormally long computer name inputs in Frigate Professional
- Alert on unexpected process creation from Frigate Professional executable
- Track failed and successful authentication attempts to the application
- Monitor for calc.exe or other suspicious process launches from Frigate context
🔧 خطوات المعالجة (العربية)
1. الإجراءات الفورية:
- تحديد جميع الأنظمة التي تقوم بتشغيل Frigate Professional 3.36.0.9 عبر مؤسستك
- تقييد الوصول المحلي للأنظمة التي تقوم بتشغيل الإصدارات الضعيفة
- تنفيذ قائمة بيضاء للتطبيقات لمنع تنفيذ الكود غير المصرح به
- مراقبة النشاط المريب في سجلات Frigate Professional
2. إرشادات التصحيح:
- ترقية Frigate Professional إلى الإصدار 3.36.1.0 أو أحدث فوراً
- اختبار التصحيحات في بيئات غير الإنتاج أولاً
- جدولة التصحيح خلال نوافذ الصيانة بأقل تأثير على العمل
3. الضوابط البديلة:
- تنفيذ ضوابط وصول صارمة تحد من يمكنه استخدام ميزة 'البحث عن الكمبيوتر'
- نشر Data Execution Prevention و Address Space Layout Randomization
- استخدام عزل التطبيقات لعزل عمليات Frigate Professional
- تفعيل Windows Defender Exploit Guard على الأنظمة المتأثرة
4. قواعد الكشف:
- مراقبة مدخلات أسماء الكمبيوتر الطويلة بشكل غير طبيعي في Frigate Professional
- تنبيه عند إنشاء عملية غير متوقعة من ملف Frigate Professional القابل للتنفيذ
- تتبع محاولات المصادقة الفاشلة والناجحة للتطبيق
- مراقبة إطلاق calc.exe أو عمليات مريبة أخرى من سياق Frigate
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities
ECC 2024 A.14.2.1 - Secure development policy
ECC 2024 A.12.2.1 - Monitoring and logging
🔵 SAMA CSF
SAMA CSF ID.BE-5.1 - Cybersecurity risk management strategy
SAMA CSF PR.IP-12 - Software, firmware, and information integrity mechanisms
SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events
🟡 ISO 27001:2022
ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities
ISO 27001:2022 A.14.2.1 - Secure development policy and procedures
ISO 27001:2022 A.8.1.1 - Screening
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Ensure that all system components and software are protected from known vulnerabilities
🔗 المراجع والمصادر 3