Lucene search

K
certCERTVU:930956
HistoryMar 26, 2015 - 12:00 a.m.

Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem

2015-03-2600:00:00
www.kb.cert.org
38

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.023

Percentile

89.6%

Overview

ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.

Description

CWE-276**: Incorrect Default Permissions** The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication. A remote unauthenticated attacker may read or modify any file on the device’s filesystem. More details can be found in a blog post from Cylance, Inc.

Devices containing affected firmware include:

* IG 3100 model 3100, model 3101
* InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
* InnGate 3.01 G-Series, 3.10 G-Series

Impact

A remote unauthenticated attacker may read or modify any file on the device’s filesystem.

Solution

Update the firmware
According to the ANTlabs Security Advisory, a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices’ software as soon as possible. Affected users may contact ANTlabs Support ([email protected]) for more information or to obtain the software update.

If a firmware update is currently not possible, the following workaround may help mitigate this issue.

Block rsync

Administrators may block unrestricted access to the rsync TCP port 873 on the affected network.

Vendor Information

930956

Filter by status: All Affected Not Affected Unknown

Filter by content: __Additional information available

__Sort by: Status Alphabetical

Expand all

Javascript is disabled. Clickhere to view vendors.

ANTlabs __ Affected

Notified: March 03, 2015 Updated: March 26, 2015

Statement Date: March 10, 2015

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

Devices containing affected firmware include:

  * IG 3100 model 3100, model 3101
  * InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  * InnGate 3.01 G-Series, 3.10 G-Series

According to the , a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices’ software as soon as possible. Affected users may contact ANTlabs Support ([email protected]) for more information or to obtain the software update.

Vendor References

CVSS Metrics

Group Score Vector
Base 10 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 8.3 E:F/RL:OF/RC:C
Environmental 6.2 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Credit to Justin W. Clarke of Cylance Inc. for reporting this vulnerability. Also a thank you to ANTlabs for quickly addressing this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2015-0932
Date Public: 2015-03-26 Date First Published:

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.023

Percentile

89.6%