PT-2017-2909 · Edgewater Networks · Edgemarc
Published: 2017-02-08 · Updated: 2021-12-01
CVE-2017-6079
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Edgewater Networks Edgemarc versions prior to the fixed version
Description
The issue is related to the lack of input validation in the HTTP Web-Management component of the Edgewater Networks Edgemarc software. This allows a remote attacker to execute arbitrary commands using a hidden page as a web shell. The hidden page can be used to set user-defined commands, such as specific iptables routes. For example, the wget command can be executed. The vulnerability has been confirmed in firmware as old as 2006. The EwDoor botnet has been attacking US AT&T users through this vulnerability.
Recommendations
For versions prior to the fixed version, consider disabling the web-management application until a patch is available. Restrict access to the hidden page that allows user-defined commands to minimize the risk of exploitation. Avoid using the web shell functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
Affected Products
Edgemarc