Overview
- Description
- An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin configuration source code. This affects Spirent TestCenter and Avalanche products which chassis version <= 5.08. The SSH restricted shell is available with default credentials.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:spirent:c100-mp:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D0DA071D-653E-4CD9-9708-C041396DD171"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:spirent:avalanche:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEB912D1-00E8-4A69-B0B8-00282B6B94D3",
"versionEndIncluding": "5.08"
},
{
"criteria": "cpe:2.3:a:spirent:testcenter:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D7A95C4-D1DC-45F6-84B8-29D3F3CD5493",
"versionEndIncluding": "5.08"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]