Vulnerability Notice

The following section lists potential vulnerabilities and their impact to ExtremeXOS 16.2.5.

Escape from exsh Restricted Shell (CVE-2017-14331)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Important

You must enable FIPS for this fix to take effect.
Impact Escape from exsh restricted shell
Attack Vector local
CVS base score 5.1 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)
Description An authenticated user with admin privileges can spawn an interactive shell on the system.
Detail A user with admin privileges on the switch can invoke an interactive shell with access to the underlying operating system.

Information Disclosure (CVE-2017-14327)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Important

You must enable FIPS for this fix to take effect.
Impact Information disclosure
Attack Vector local
CVS base score 5.1 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)
Description An authenticated user with admin privileges can get read access for any file on the filesystem.
Detail By obtaining an interactive shell with admin privileges as defined in CVE-2017-14331 (preceding), you can access system files owned by root and without world read-access.

Privilege Escalation (root interactive shell) (CVE-2017-14329)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Important

You must enable FIPS for this fix to take effect.
Impact Privilege escalation (root interactive shell)
Attack Vector local
CVS base score 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description An authenticated user with admin privileges can get an interactive root shell on the switch.
Detail By exploiting both CVE-2017-1427 and CVE-2017-14331, you can escalate to root by spawning a new exsh shell in debug mode and invoking an interactive shell with root privileges.

Privilege Escalation (root interactive shell) (CVE-2017-14330)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Important

You must enable FIPS for this fix to take effect.
Impact Privilege escalation (root interactive shell)
Attack Vector local
CVS base score 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Description An authenticated user with admin privileges can get an interactive root shell on the platform.
Detail You can get an interactive root shell on the switch by creating a process that runs with elevated privileges.

Denial-of-Service (CVE-2017-14328)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Impact Denial-of-service
Attack Vector remote
CVS base score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Description A remote user can force the switch to reboot by sending a single, specially crafted packet to the web server.

Session Hijacking (CVE-2017-14332)

This issue is documented in CR xos0069140, which is fixed in ExtremeXOS 16.2.4 (see Resolved Issues in ExtremeXOS 16.2.4).

Impact Session hijacking
Attack Vector remote
CVS base score 9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Description A remote user can hijack a session on the switch web server.
Detail A remote user can hijack a session on the switch web server by using non-trivial methods to determine the SessionIDs used in authentication.

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

We do not believe that ExtremeXOS 16.2.5 is significantly vulnerable to the “SSL 64-bit Block Size Cipher Suites Supported” (SWEET32) security risk.

For SSL, ExtremeXOS uses the thttpd webserver that is not vulnerable to this type of attack because thttpd does not support persistent SSL connections, which is a requirement of the exploit.

For more information about the SWEET32 threat, see:

https://sweet32.info

https://www.openssl.org/blog/blog/2016/08/24/sweet32/