PT-2020-12813 · Spirent · Spirent Testcenter+1

A05110511T

Published

2020-08-13

Updated

2021-07-21

CVE-2020-11733

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Spirent TestCenter and Avalanche appliance admin interface firmware versions <= 5.08

Description An issue allows an attacker with access to an SSH restricted shell to achieve root access via shell metacharacters. This enables the attacker to read sensitive files, such as appliance admin configuration source code. The SSH restricted shell is accessible with default credentials.

Recommendations For versions <= 5.08, update the firmware to a version that includes a fix for this issue, ensuring that default credentials are changed to prevent unauthorized access to the SSH restricted shell. As a temporary workaround, consider restricting access to the SSH restricted shell until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-11733

Affected Products

Avalanche

Spirent Testcenter

PT-2020-12813 · Spirent · Spirent Testcenter+1

CVE-2020-11733

Weakness Enumeration

Related Identifiers

Affected Products

References · 4