Some attention has been raised lately regarding vulnerabilities in Dualog Connection Suite. This attention is based on findings from the company PenTestPartners (PTP) who have on one occasion tested Dualog Connection Suite version 2.39.
PTP has, per best practices, reported five specific vulnerabilities. In this section, you can find a listing of all the Common Vulnerabilities and Exposures (CVEs) with more detail on each particular vulnerability and their fixes or workarounds.
In summary, Dualog has created fixes for all but one of the CVE's in Dualog Connection Suite release 3.0. We, therefore, encourage all customers to upgrade to the latest version of Connection Suite. You can find the latest installers here.
If you have any questions regarding security or the CVE's in particular, please contact your primary contact in Dualog or send your question to our CISO, Geir Inge Jensen.
If you are a security professional, you can find additional information in our Vulnerability Disclosure Program on our website or by sending an email to firstname.lastname@example.org.