Infinera G42 HTTP File Server Path Traversal Vulnerability Allowing Arbitrary File Access and Potential Remote Command Execution

Vulnerability

A path traversal vulnerability has been identified in the HTTP File Server service of Infinera G42 devices running version R6.1.3. It allows remote authenticated users to read and write any operating system file via HTTP requests. Requests are authenticated with HTTP Basic Authentication, and files are written with root privileges. Exploitation could also lead to remote command execution by modifying script files on the operating system.

Impact

Exploitation of this vulnerability could result in unauthorized access to all operating system files, with the potential for remote command execution by altering script files.

Reproduction

To reproduce this vulnerability, authenticate to the affected device using Basic Authentication. Once authenticated, send HTTP requests to the vulnerable endpoint using the PUT method to write files to any location on the device's file system. The files will be written with root privileges. Additionally, the same path traversal technique can be used with the GET method to read any file from the file system.
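For defenders reviewing file-server access logs, the check below flags GET and PUT requests whose path resolves outside the served directory. It is an added example, not vendor code or part of the original advisory; the document root, log format, and every sample host, user and path are constructed assumptions, not the device's real endpoint or layout.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: the file server is meant to expose only this directory.
DOC_ROOT = "/srv/files"

# Constructed access-log lines (combined-log style); all values are invented.
SAMPLE_LOG = [
    '192.0.2.10 - operator [02/Jul/2025:10:00:01 +0000] "GET /configs/backup.tar HTTP/1.1" 200 5120',
    '192.0.2.10 - operator [02/Jul/2025:10:00:07 +0000] "GET /../../etc/example.conf HTTP/1.1" 200 812',
    '192.0.2.10 - operator [02/Jul/2025:10:00:09 +0000] "PUT /logs/%2e%2e/%2e%2e/opt/example/run.sh HTTP/1.1" 201 0',
    '192.0.2.44 - admin [02/Jul/2025:10:02:30 +0000] "PUT /uploads/fw/../fw/image.bin HTTP/1.1" 201 0',
    '192.0.2.10 - operator [02/Jul/2025:10:03:00 +0000] "GET /logs/%252e%252e/%252e%252e/etc/example.conf HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(GET|PUT) (\S+) HTTP/[\d.]+" (\d{3})')

def resolve(url_path, root=DOC_ROOT):
    """Return the canonical path for url_path, or None if it escapes root."""
    decoded = url_path.split("?", 1)[0]
    for _ in range(3):  # undo nested percent-encoding (%252e -> %2e -> .)
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    decoded = decoded.replace("\\", "/")  # treat backslashes as separators
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    inside = candidate == root or candidate.startswith(root + "/")
    return candidate if inside else None

def find_traversal(lines, root=DOC_ROOT):
    """Return one record per GET/PUT request that resolves outside root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and resolve(m.group(4), root) is None:
            client, user, method, path, status = m.groups()
            hits.append({"client": client, "user": user, "method": method, "path": path, "status": status})
    return hits

if __name__ == "__main__":
    for h in find_traversal(SAMPLE_LOG):
        print(h["client"], h["user"], h["method"], h["path"], h["status"])
```

The same `resolve` logic is the shape of the server-side fix: canonicalize the requested path and reject anything outside the root before opening the file. A real server should also resolve symlinks (for example with `os.path.realpath`), which `normpath` does not do.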

Added: Jul 2, 2025, 10:21 AM
Updated: Jul 2, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.6
remediation: 0.0
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.