CERT VU:142546
Jun 21, 2022 - 12:00 a.m.

SMA Technologies OpCon UNIX agent adds the same SSH key to all installations

www.kb.cert.org

Overview

SMA Technologies OpCon UNIX agent adds the same SSH key during every installation and subsequent update. An attacker with access to the private key can gain root access on affected systems.

Description

During OpCon UNIX agent installation and updates, an SSH public key is added to the root account's authorized_keys file. The corresponding private key, named sma_id_rsa, is included with the installation files and is not encrypted with a passphrase. Removal of the OpCon software does not remove the entry from the authorized_keys file.

Impact

An attacker with access to the private key included with the OpCon UNIX agent installation files can gain SSH access as root on affected systems.

Solution

Remove private key

SMA Technologies has provided a tool to address the issue.

Another option is to manually remove the SSH key entry from root’s authorized_keys file. The key can be identified by its fingerprints:

SHA256:qbgTVNkLGI5G7erZqDhte63Vpw+9g88jYCxMuh8cLeg
MD5:f1:6c:c9:ba:21:66:ce:7c:5a:55:e2:4d:07:72:cc:31

Depending on the shell and operating system there are various ways to generate fingerprints for public keys listed in authorized_keys.
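
One way to run that check independently of the shell and operating system, as an added example (not part of the advisory or the vendor's tool): the Python below computes both fingerprint formats for each authorized_keys entry and returns the lines that match the advisory's values. The function names and the sample keys are constructed for illustration.

```python
import base64, hashlib, re, struct

# Fingerprints published in the advisory for the key the agent installs.
ADVISORY_FPS = {
    "SHA256:qbgTVNkLGI5G7erZqDhte63Vpw+9g88jYCxMuh8cLeg",
    "MD5:f1:6c:c9:ba:21:66:ce:7c:5a:55:e2:4d:07:72:cc:31",
}
# Key type followed by the base64 blob; SSH key blobs always start "AAAA".
KEY_RE = re.compile(r"\b((?:ssh|ecdsa|sk)-[\w@.-]+)\s+(AAAA[A-Za-z0-9+/]+={0,2})")

def fingerprints(blob: bytes) -> set:
    """SHA256 (unpadded base64) and MD5 (colon hex) fingerprints of a key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def scan(text: str, targets=ADVISORY_FPS) -> list:
    """Return (line_number, line) for entries whose key matches a target."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = None if line.lstrip().startswith("#") else KEY_RE.search(line)
        if not match:
            continue  # comment, blank line, or no recognisable key
        try:
            blob = base64.b64decode(match.group(2), validate=True)
        except ValueError:
            continue  # damaged base64; cannot be fingerprinted
        if fingerprints(blob) & set(targets):
            hits.append((number, line))
    return hits

def constructed_blob(modulus: bytes) -> bytes:
    """Sample data only: an ssh-rsa-shaped blob built from made-up bytes."""
    fields = (b"ssh-rsa", b"\x01\x00\x01", modulus)
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def demo() -> list:
    """Constructed file: the second key stands in for the one to remove."""
    keep = constructed_blob(b"\x00" + b"\xc1" * 128)
    unwanted = constructed_blob(b"\x00" + b"\xd2" * 128)
    enc = lambda blob: base64.b64encode(blob).decode()
    text = "\n".join([
        "# constructed authorized_keys sample",
        f"ssh-rsa {enc(keep)} admin@bastion",
        f'no-pty,command="/bin/true" ssh-rsa {enc(unwanted)} vendor\'s key',
    ])
    return scan(text, fingerprints(unwanted))

if __name__ == "__main__": print(demo())
```

Calling `scan` on the contents of root's authorized_keys with the default targets reports any entry carrying the advisory's key, including entries that have an options prefix.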

Upgrade

SMA Technologies reports that “We have updated our UNIX agent version 21.2 package to no longer include (and also remove) any existing vulnerability.”

Acknowledgements

Thanks to Nick Holland at Holland Consulting for researching and reporting this vulnerability.

This document was written by Kevin Stephens.

Vendor Information

SMA Technologies: Affected

Notified: 2022-03-17 Updated: 2022-06-21

Statement Date: March 24, 2022

CVE-2022-2154 Affected

Vendor Statement

On Wednesday, March 16th, SMA was made aware of a critical security vulnerability in the OpCon UNIX agent that affects version 21.2 and earlier of the agent. We have analyzed the reported vulnerability and have created a utility that can be applied to remove the vulnerability from affected systems. The utility should be run as soon as possible to all UNIX/Linux/AIX systems using the OpCon UNIX agent to prevent any potential exploitation.

We have updated our UNIX agent version 21.2 package to no longer include (and also remove) any existing vulnerability.

Other Information

CVE IDs: CVE-2022-2154
Date Public: 2022-06-21