PT-2018-12640 · Red Hat+1 · Red Hat Ceph Storage+1
Realasmo · Published 2018-10-09 · Updated 2023-02-13 · CVE-2018-14649
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Red Hat Ceph Storage versions 2 and 3
Description
The issue allows unauthenticated attackers to reach a debug shell and escalate privileges. The ceph-iscsi-cli package runs python-werkzeug in debug shell mode, which is enabled by setting debug=True in the /usr/bin/rbd-target-api file. Once connected to the debug shell, an attacker can execute arbitrary commands remotely with the privileges of the user running the application, which on Red Hat Ceph Storage 2 and 3 is root.
Recommendations
For Red Hat Ceph Storage versions 2 and 3, consider disabling the debug shell mode in the python-werkzeug library as a temporary workaround until a patch is available. Restrict access to the /usr/bin/rbd-target-api file to minimize the risk of exploitation. Avoid running the ceph-iscsi-cli package with root-level permissions until the issue is resolved.
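One way to audit for the setting described above (an added example, not code from Red Hat or from this advisory): parse a Python launcher such as /usr/bin/rbd-target-api and report every call that passes debug= or use_debugger=. The embedded sample is constructed for illustration and is not the real file; the function name and verdict labels are assumptions of this example.

```python
import ast
import sys

# Keywords that turn on the Werkzeug interactive debugger: debug= (named in the
# advisory) and use_debugger= (parameter of werkzeug.serving.run_simple).
DEBUG_KEYWORDS = {"debug", "use_debugger"}

# Constructed sample input, NOT the real contents of /usr/bin/rbd-target-api.
SAMPLE = '''\
from flask import Flask
app = Flask(__name__)
def main():
    app.run(host="0.0.0.0",
            debug=True)
def main_fixed():
    app.run(host="0.0.0.0", debug=False)
def main_cfg(settings):
    app.run(host="0.0.0.0", debug=settings.debug)
'''


def find_debug_flags(source, filename="<source>"):
    """Return sorted (line, keyword, verdict) tuples for debugger keywords.

    verdict: "enabled" (literal truthy), "disabled" (literal falsy), or
    "review" (value computed at runtime, or the source could not be parsed).
    """
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:  # e.g. source written for another Python version
        return [(exc.lineno or 0, "unparsable", "review")]
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg in DEBUG_KEYWORDS:
                if isinstance(kw.value, ast.Constant):
                    verdict = "enabled" if kw.value.value else "disabled"
                else:
                    verdict = "review"
                findings.append((kw.value.lineno, kw.arg, verdict))
    return sorted(findings)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line, keyword, verdict in find_debug_flags(text):
        print(f"line {line}: {keyword} -> {verdict}")
```

Run it with the path of the file to check as the only argument; a "review" verdict means the value is not a literal and has to be traced by hand.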
Exploit
Fix
Command Injection
Affected Products
Red Hat Ceph Storage
Python-Werkzeug