Spirent TestCenter and Avalanche Products Chassis Version Admin Interface <= 5.08 Privilege Escalation
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.
The attacker can install and run applications not meant to be used on the management interface of these test appliances.
Product | Chasis Version |
---|---|
Spirent and C100-MP | <= 5.08 |
An attacker can through the Privilege Escalation vulnerability get root privilege from ssh initial shell (restricted, only for network setting). This vulnerability allows the attacker to install and run applications not meant to be used on the management interface of these test appliances.
- https://gist.github.com/a05110511t/65d07bc776d7c11b4ccf112a09cca4ab
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11733
- CW Tzeng