Skip to content

Instantly share code, notes, and snippets.

@a05110511t

a05110511t/Spirent TestCenter and Avalanche Products Privilege Escalation.md Secret

Last active August 21, 2020 03:57
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save a05110511t/65d07bc776d7c11b4ccf112a09cca4ab to your computer and use it in GitHub Desktop.
Save a05110511t/65d07bc776d7c11b4ccf112a09cca4ab to your computer and use it in GitHub Desktop.
Download ZIP
Spirent TestCenter and Avalanche Products Privilege Escalation
Raw
Spirent TestCenter and Avalanche Products Privilege Escalation.md

Spirent TestCenter and Avalanche Products Chassis Version Admin Interface <= 5.08 Privilege Escalation

Description

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.

Impact

The attacker can install and run applications not meant to be used on the management interface of these test appliances.

Known Affected Firmware

Product Chasis Version
Spirent and C100-MP <= 5.08

Details

An attacker can through the Privilege Escalation vulnerability get root privilege from ssh initial shell (restricted, only for network setting). This vulnerability allows the attacker to install and run applications not meant to be used on the management interface of these test appliances.

Reference

Contributor

  • CW Tzeng
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment