CERTVU:930956Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
89.6%
Overview
ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.
Description
CWE-276: Incorrect Default Permissions
The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication. A remote unauthenticated attacker may read or modify any file on the device’s filesystem. More details can be found in a blog post from Cylance, Inc.
Devices containing affected firmware include:
* IG 3100 model 3100, model 3101
* InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
* InnGate 3.01 G-Series, 3.10 G-Series
Impact
A remote unauthenticated attacker may read or modify any file on the device’s filesystem.
Solution
Update the firmware
According to the ANTlabs Security Advisory, a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices’ software as soon as possible. Affected users may contact ANTlabs Support ([email protected]) for more information or to obtain the software update.
If a firmware update is currently not possible, the following workaround may help mitigate this issue.
Block rsync
Administrators may block unrestricted access to the rsync TCP port 873 on the affected network.
Vendor Information
930956
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
ANTlabs __ Affected
Notified: March 03, 2015 Updated: March 26, 2015
Statement Date: March 10, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
Devices containing affected firmware include:
* IG 3100 model 3100, model 3101
* InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
* InnGate 3.01 G-Series, 3.10 G-Series
According to the , a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices’ software as soon as possible. Affected users may contact ANTlabs Support ([email protected]) for more information or to obtain the software update.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.3 | E:F/RL:OF/RC:C |
| Environmental | 6.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133
- <http://blog.cylance.com/spear-team-cve-2015-0932>
- <http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/>
Acknowledgements
Credit to Justin W. Clarke of Cylance Inc. for reporting this vulnerability. Also a thank you to ANTlabs for quickly addressing this vulnerability.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | CVE-2015-0932 |
|---|---|
| Date Public: | 2015-03-26 Date First Published: |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
89.6%