Advisory: Root privilege escalation from authenticated local console account vulnerability

Grace NacesAdvisories

Publication Date: 1 Sep 2018
Last Updated: 5 Sep 2018

Description

We are aware of a security vulnerability where a local console account user can perform root privileged escalation.

Impact

This is a medium-severity security vulnerability as a local authenticated non-privileged console user can gain root privilege access to the gateway. If remote shell access is enabled and the console default password is not changed after deployment, a remote user can gain root access.

Status

Affected gateway products are:

  1. IG 3100 model 3100, model 3101
  2. InnGate 3.10 E-Series

The following exploit does not affect the following gateway products:

  1. IG 4 Product family: IG 4100, IG 4200, IG 4210 (with Update 12, released on Feb 2017)
  2. SG 4 Product family: SG 4200, SG 4210, SG 4300, SG 4400 (with Update 14, release on Apr 2017)
  3. SSG 4 (with Update 11, release on Feb 2017)
  4. HG 3100 / 4100

Recommended Immediate Action

  1. Change default console and ftponly account passwords.
  2. Disable remote shell access for production systems. Only enable access when necessary.

If you need assistance to perform this, you may contact ANTlabs Technical Support at tech-support@antlabs.com.

Follow up Action

Hotfixes for InnGate 3.10 and IG 3100 are already available. Please update to the latest patches:

We will be publishing more information on our ANTlabs Advisory blog with updates to this security exploit.

ANTlabs Security Response Team