Christophe Hugueny

**Name of the Vulnerable Software and Affected Versions** Aginode GigaSwitch version v5 **Description** The issue allows attackers to access sensitive information via the use of the SCP command due to insecure permissions. **Recommendations** For Aginode GigaSwitch version v5, consider restricting access to the SCP command as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Aginode GigaSwitch V5 versions prior to 7.06G **Description** The issue allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. This can be done by exploiting insecure permissions in the device. **Recommendations** For Aginode GigaSwitch V5 versions prior to 7.06G, update to version 7.06G or later to resolve the issue. As a temporary workaround, consider restricting access to firmware upload functionality to minimize the risk of exploitation. Restrict access to the SCP command to prevent attackers from accessing sensitive information.

**Name of the Vulnerable Software and Affected Versions** FOG versions 1.5.10 and earlier **Description** The issue allows local users to gain privileges by mounting a crafted NFS share due to the lack of `no root squash` and insecure settings. To exploit this, an attacker must mount an NFS share and add an executable file as root, then add the SUID bit to this file. **Recommendations** For FOG versions 1.5.10 and earlier, consider disabling the `configureNFS` function in `lib/common/functions.sh` until a patch is available to prevent local users from gaining privileges. Restrict access to mounting NFS shares to minimize the risk of exploitation. Avoid using the SUID bit on executable files in the affected NFS share until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.