Executive Summary

Summary
Title SMA Technologies OpCon UNIX agent adds the same SSH key to all installations
Informations
Name VU#142546 First vendor Publication 2022-06-21
Vendor VU-CERT Last vendor Modification 2022-06-21
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score 7.2
Base Score 7.2 Environmental Score 7.2
impact SubScore 6 Temporal Score 7.2
Exploitabality Sub Score 0.5
 
Attack Vector Physical Attack Complexity Low
Privileges Required High User Interaction None
Scope Changed Confidentiality Impact High
Integrity Impact High Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Overview

SMA Technologies OpCon UNIX agent adds the same SSH key on every installation and subsequent updates. An attacker with access to the private key can gain root access on affected systems.

Description

During OpCon UNIX agent installation and updates, an SSH public key is added to the root account's authorized_keys file. The corresponding private key titled sma_id_rsa is included with the installation files and is not encrypted with a passphrase. Removal of the OpCon software does not remove the entry from the authorized_keys file.

Impact

An attacker with access to the private key included with the OpCon UNIX agent installation files can gain SSH access as root on affected systems.

Solution

Remove private key

SMA Technologies has provided a tool to address the issue.

Another option is to manually remove the SSH key entry from root's authorized_keys file. The key can be identified by its fingerprints:

SHA256:qbgTVNkLGI5G7erZqDhte63Vpw+9g88jYCxMuh8cLegMD5:f1:6c:c9:ba:21:66:ce:7c:5a:55:e2:4d:07:72:cc:31

Depending on the shell and operating system there are various ways to generate fingerprints for public keys listed in authorized_keys.

Upgrade

SMA Technologies reports that "We have updated our UNIX agent version 21.2 package to no longer include (and also remove) any existing vulnerability."

Acknowledgements

Thanks to Nick Holland at Holland Consulting for researching and reporting this vulnerability.

This document was written by Kevin Stephens.

Original Source

Url : https://kb.cert.org/vuls/id/142546

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2022-10-05 02:19:01
  • Multiple Updates
2022-10-05 00:34:45
  • Multiple Updates
2022-06-21 21:22:00
  • First insertion