Article Details

Original Article Text


CISA: Network switch RCE flaw impacts critical infrastructure

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure.

The flaws concern weak authentication, allowing the password requirement to be bypassed, and user input validation issues that could lead to remote code execution, arbitrary file uploads, and directory traversal.

The device is used in critical infrastructure and manufacturing facilities worldwide, and because the flaws are remotely exploitable with low attack complexity, the risk is deemed very high. Currently, no fixes are available, so users are advised to apply the mitigations proposed by the Canadian vendor.

The first flaw, tracked as CVE-2024-41925, is classified as a PHP Remote File Inclusion (RFI) problem stemming from incorrect validation or sanitization of user-supplied file paths. An attacker could use this vulnerability to perform directory traversal, bypass authentication, and execute arbitrary remote code.

The second issue, tracked as CVE-2024-45367, is a weak authentication problem arising from improper enforcement of password verification in the authentication mechanism. Exploiting it enables an attacker to gain unauthorized access to the switches' management interface, alter configurations, access sensitive data, or pivot to other points in the network.

Both problems were discovered by Claroty Team82 and are rated critical, with a CVSS v4 score of 9.3. The vulnerabilities impact all ONS-S8 Spectra Aggregation Switch versions up to and including 1.3.7.
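The advisory describes CVE-2024-41925 only at the level of its flaw class: a user-supplied file path that reaches a PHP include without proper validation, giving directory traversal and remote file inclusion. The following is an added illustration of that class, written for this page and not code from Optigo Networks, Claroty, or the CISA advisory; it does not reflect how the ONS-S8 firmware is built. It contrasts the unvalidated pattern with a hardened resolver (allowlist plus realpath containment) and adds a small classifier a defender can run over the parameter values recorded in web-server access logs. The directory, page names and sample inputs are constructed for the example; PHP's `allow_url_include` setting mentioned in a comment is a real ini directive.

```python
"""Added example, not code from Optigo Networks or the CISA advisory.

Illustrates the flaw class the advisory names (a page parameter that
reaches a file include without proper validation) beside a hardened
resolver, plus a small classifier a defender can run over the same
parameter values found in web-server access logs. All paths, page names
and sample inputs are constructed for the illustration.
"""
import os
from urllib.parse import urlparse

# Constructed: the only directory the application may include files from.
TEMPLATE_ROOT = "/var/www/app/pages"
# Constructed: the pages the application actually ships; anything else is rejected.
ALLOWED_PAGES = frozenset({"status", "ports", "vlans"})


def resolve_unsafe(user_page: str) -> str:
    """Vulnerable pattern: the request parameter is joined to the root as-is.

    '../' segments walk out of TEMPLATE_ROOT; in PHP's include(), a value
    carrying a URL scheme (http://...) becomes remote file inclusion when
    allow_url_include is enabled. Kept only to contrast with resolve_safe().
    """
    return os.path.join(TEMPLATE_ROOT, user_page + ".php")


def has_url_scheme(value: str) -> bool:
    """True when the value parses as a URL with a scheme (http, ftp, php, ...)."""
    return urlparse(value).scheme != ""


def resolve_safe(user_page: str):
    """Hardened resolver: allowlist first, then a realpath containment check.

    Returns the absolute file path, or None when the input must be refused.
    The containment check is redundant with the allowlist but kept as
    defence in depth in case the allowlist is later loosened.
    """
    if has_url_scheme(user_page) or user_page not in ALLOWED_PAGES:
        return None
    root = os.path.realpath(TEMPLATE_ROOT)
    candidate = os.path.realpath(os.path.join(root, user_page + ".php"))
    # realpath() collapses any '..' segments, so a path that escaped the
    # root no longer has the root as its common prefix.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Markers a defender would look for in the page parameter of access-log entries.
TRAVERSAL_MARKERS = ("../", "..\\", "%2e%2e")


def classify_page_param(value: str) -> list:
    """Tag a logged parameter value with the flaw classes it resembles."""
    findings = []
    lowered = value.lower()
    if any(marker in lowered for marker in TRAVERSAL_MARKERS):
        findings.append("path-traversal")
    if has_url_scheme(value):
        findings.append("remote-include")
    return findings


if __name__ == "__main__":
    # Constructed sample values, as they might appear in a ?page= parameter.
    for sample in ("status", "../../../etc/passwd", "http://files.example/x.txt"):
        print(f"{sample!r:40} unsafe={resolve_unsafe(sample)!r}")
        print(f"{'':40} safe={resolve_safe(sample)!r} flags={classify_page_param(sample)}")
```

The allowlist is the real control: a page parameter that is not one of a handful of known names has no business reaching an include call, and refusing it is simpler and more robust than trying to sanitize traversal sequences out of free-form input. The classifier is deliberately coarse; in log review it is a triage aid for finding requests worth inspecting, not a verdict.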
Securing the switches

While CISA has not seen signs of these flaws being actively exploited, system administrators are advised to perform the following actions to mitigate the flaws:

CISA recommends that organizations observing suspicious activity on these devices follow their breach protocols and report the incident to the agency so that it can be tracked and correlated with other incidents.

Daily Brief Summary

CYBERCRIME // Critical Vulnerabilities Found in Optigo Networks Infrastructure Switches

U.S. cybersecurity agency CISA has issued warnings about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products.

These vulnerabilities allow both authentication bypass and remote code execution, severely impacting critical infrastructure globally.

Identified flaws include a PHP Remote File Inclusion (RFI) and a weak authentication problem, allowing unauthorized access and potential control over the network switches.

Exploits for these vulnerabilities are currently feasible with low complexity, increasing the risk of potential breaches or disruptions in critical infrastructure and manufacturing sectors.

No existing fixes are available for these vulnerabilities; however, mitigation strategies by the vendor are strongly recommended pending a permanent solution.

The vulnerabilities are rated critical with a CVSS v4 score of 9.3 and impact all versions up to and including 1.3.7 of the firmware.

CISA advises system administrators to apply mitigation measures and remain vigilant by reporting any suspicious activities related to these devices.