Zenitel ICX500 and ICX510 Gateway Arbitrary Command Execution Vulnerability

A vulnerability in the Zenitel ICX500 and ICX510 Gateway allows malicious actors to execute arbitrary commands on the underlying system, granting shell access. This exploitation can compromise the device's availability, confidentiality, and integrity. The vulnerability is present in the ICX-AlphaCom System software versions 1.4.3.0, 1.4.3.1, and 1.4.3.3.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the device, allowing attackers to gain shell access and potentially manipulate the system or disrupt its normal functions.

Remediation

Users can upgrade to the latest ICX-AlphaCom version 1.4.3.3, which includes security fixes, through the ICX-Web interface or by using the 'ICX-Core-01.00-jammy-1.4.3.X.apt.tar' package for ICX-Core systems.