Executive Summary

Summary
Title Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem
Informations
Name VU#930956 First vendor Publication 2015-03-26
Vendor VU-CERT Last vendor Modification 2015-03-26
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#930956

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

Original Release date: 26 Mar 2015 | Last revised: 26 Mar 2015

Overview

ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.

Description

CWE-276: Incorrect Default Permissions

The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication. A remote unauthenticated attacker may read or modify any file on the device's filesystem. More details can be found in a blog post from Cylance, Inc.

Devices containing affected firmware include:

  • IG 3100 model 3100, model 3101
  • InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  • InnGate 3.01 G-Series, 3.10 G-Series

Impact

A remote unauthenticated attacker may read or modify any file on the device's filesystem.

Solution

Update the firmware
According to the ANTlabs Security Advisory, a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices' software as soon as possible. Affected users may contact ANTlabs Support (tech-support@antlabs.com) for more information or to obtain the software update.

If a firmware update is currently not possible, the following workaround may help mitigate this issue.

Block rsync

Administrators may block unrestricted access to the rsync TCP port 873 on the affected network.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
ANTlabsAffected03 Mar 201526 Mar 2015
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base10.0AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal8.3E:F/RL:OF/RC:C
Environmental6.2CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133
  • http://blog.cylance.com/spear-team-cve-2015-0932
  • http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/

Credit

Credit to Justin W. Clarke of Cylance Inc. for reporting this vulnerability. Also a thank you to ANTlabs for quickly addressing this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs:CVE-2015-0932
  • Date Public:26 Mar 2015
  • Date First Published:26 Mar 2015
  • Date Last Updated:26 Mar 2015
  • Document Revision:48

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/930956

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-04-06 21:30:53
  • Multiple Updates
2015-04-05 09:29:49
  • Multiple Updates
2015-03-26 17:24:41
  • First insertion