Spirent TestCenter and Avalanche Products Chassis Version Admin Interface <= 5.08 Privilege Escalation
Description
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.
Impact
The attacker can install and run applications not meant to be used on the management interface of these test appliances.
Known Affected Firmware
| Product | Chasis Version |
|---|---|
| Spirent and C100-MP | <= 5.08 |
Details
An attacker can through the Privilege Escalation vulnerability get root privilege from ssh initial shell (restricted, only for network setting). This vulnerability allows the attacker to install and run applications not meant to be used on the management interface of these test appliances.
Reference
- https://gist.github.com/a05110511t/65d07bc776d7c11b4ccf112a09cca4ab
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11733
Contributor
- CW Tzeng