ADTSA-2019001: RESTCONF privilege escalation

Version 5

    Description

    A vulnerability has been discovered in NETCONF Access Management (NACM) in which access privileges are not being properly enforced.

     

    On affected products, both privileged and unprivileged users have access to the RESTCONF interface.  After passing authentication, the enforcement of access privileges is managed by NACM.  Due to an implementation error, access privilege enforcement in NACM is not working properly.

     

    The YANG object model accessible via the RESTCONF interface offers some privileged operations that allow the execution of arbitrary commands that run as root on the Linux shell.  Because of this vulnerability, an authenticated unprivileged user can run these privileged operations and thus execute arbitrary commands as root.

     

    CVE ID

     

    Affected Products

    Product FamilySeverityNotes

    PMAA 1.6.2

    PMAA 1.6.3

    High

     

    Mitigating Factors & Recommended Actions

    Product FamilyMitigating FactorsRecommended Actions

    PMAA 1.6.2

    PMAA 1.6.3

    Installations that have not added any unprivileged users are not exploitable.Disable or remove any unprivileged accounts.

     

    Resolution

    Product FamilyResolution

    PMAA 1.6.2

    PMAA 1.6.3

    Upgrade to PMAA 1.6.4 once released.

     

    Revision History

    • Revision A (2019-01-07):  Initial Release