Create Case
VN 2017-003, Local Access Control (Multiple CVEs)
- Article Type:
- Security Advisory
- Article Number:
- 000060026
- Last Modified:
- 7/26/2018
Summary
Four specific vulnerabilities have been identified in EXOS, which can allow an authenticated user with admin privileges to access the root shell and/or underlying filesystem. Thanks to the research team at IDW Security for identifying and reporting these issues to Extreme Networks.
| ||||||||||||||||||||||||||||||||||||||||||||||||
Products Potentially Affected
|
Impact Details
CVE-2017-14327
Impact: Information disclosure
Attack Vector: local
Affected Platforms: EXOS 16.x / 21.x / 22.x
CVS base score: 4.4 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Description: An authenticated user with admin privileges can get read access to any file on the filesystem.Detail: By obtaining an interactive shell with admin privileges as defined in CVE-2017-14331 (below), it is possible to access system files owned by root and without world read-access.
CVE-2017-14329
Impact: Privilege Escalation (root interactive shell)
Attack Vector: local
Affected Platforms: EXOS 16.x / 21.x / 22.x
CVS base score: 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description: An authenticated user with admin privileges can get an interactive root shell on the platform.
Detail: By compounding on CVE-2017-1427 and CVE-2017-14331, one can escalate to root by spawning a new exsh shell in debug mode and invoking an interactive shell with root privileges.
CVE-2017-14330 Impact: Privilege Escalation (root interactive shell)
Attack Vector: local
Affected Platforms: EXOS 16.x / 21.x / 22.x
CVS base score: 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description: An authenticated user with admin privileges can get an interactive root shell on the platform.
Detail: It is possible to get an interactive root shell on the platform by creating a process that will run with elevated privileges.
CVE-2017-14331
Impact: Escape from exsh restricted shell
Attack Vector: local
Affected Platforms: EXOS 16.x / 21.x / 22.x
CVS base score: 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description: An authenticated user with admin privileges can spawn an interactive shell on the system.
Detail: A user with admin privileges on the switch can invoke an interactive shell with access to the underlying operating system.
|
Repair Recommendations
Each of the CVEs described in this Vulnerability Notice rely upon the ability of an authenticated user with admin privileges to execute scripts to initiate the specific actions defined. As such, mitigation of these issues will be achieved by disallowing scripting when the OS is used in FIPS mode in an upcoming release. The following EXOS releases are expected to include this change to FIPS mode behavior:
|
Legal Notice
This advisory notice is provided on an “as is” basis and Extreme Networks makes no representations or warranties of any kind, expressly disclaiming the warranties of merchantability or fitness for a particular use. Use of the information provided herein or materials linked from this advisory notice is at your own risk. Extreme Networks reserves the right to change or update this document at any time, and expects to update this document as new information becomes available. The information provided herein is applicable to current Extreme Networks products identified herein and is not intended to be any representation of future functionality or compatibility with any third-party technologies referenced herein. This notice shall not change any contract or agreement that you have entered into with Extreme Networks. |
Version
3