KL-001-2017-019 : Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Title: Sonicwall WXA5000 Console Jail Escape and Privilege Escalation Advisory ID: KL-001-2017-019 Publication Date: 2017.10.24 Publication URL: http://ift.tt/2yM65st 1. Vulnerability Details Affected Vendor: Sonicwall Affected Product: WXA5000 WAN Optimization Appliance Affected Version: 1.3.2-10-30 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command Impact: Root Access Attack vector: Console 2. Vulnerability Description The console menu for this appliance can be escaped into a regular sh shell by using encapsulated $() shell commands. Privileges can be escalated to root by using the dirtyc0w exploit. 3. Technical Description ????????????????SonicWALL WAN Optimization Configuration????????????????? ? Show Network Settings ? ? Renew DHCP lease ? ? Show Serial Number ? ? Show Firmware Version ? ? Factory Reset - Restore the device to factory installed state. ? ? Secure Factory Reset - Securely erase hard disk and do Factory Reset. ? ? Upgrade Firmware - Upgrade Firmware via USB stick. ? ?
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment