Aginode GigaSwitch Insecure Permissions Vulnerability Allowing Sensitive Information Disclosure

A vulnerability in Aginode GigaSwitch version 5 exists due to insecure permissions, allowing low-privileged users to access sensitive information, such as the administrator's password hash or, under certain conditions, the password in plaintext, using the SCP command. This issue arises from a design flaw that permits unauthorized access to confidential data through the device's configuration files.

Impact

Exploitation of this vulnerability allows unauthorized users to retrieve the administrator's password hash or plaintext password from the device's configuration, potentially leading to unauthorized administrative access.

Reproduction

To reproduce this vulnerability, log in to the affected GigaSwitch device with a standard user account. Use the SCP command to transfer the configuration file from the switch to a local machine. The command should specify the switch's IP address and the appropriate port. Once the file is transferred, the password hash or plaintext password can be extracted from the configuration file.

Remediation

Users can update to Aginode GigaSwitch version 7.07ev or later, where this vulnerability has been addressed. Instructions for updating the firmware are available on the Aginode support website.