Dasan Switch DS2924 Authentication Bypass Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability allowing authentication bypass has been identified in the Dasan Switch DS2924 web interface, specifically in firmware versions 1.01.18 and 1.02.00. This issue arises from insecure cookie management, which enables attackers to manipulate the 'state' and 'userName' cookies. By doing so, they can gain unauthorized access to the device's web control interface with escalated privileges, potentially compromising the network device.
Impact
Exploiting this vulnerability allows attackers to bypass authentication entirely, gaining unauthorized admin-level access to the device. This access could be used to control the network switch, modify configurations, or execute other malicious actions that disrupt network operations.
Reproduction
To reproduce this vulnerability, open a web browser and navigate to the Dasan Switch DS2924 login page. Once there, use the browser's developer console to set the 'state' cookie to 'login' and the 'userName' cookie to 'admin'. After setting these cookies, refresh the page or directly access the management interface. This will grant admin access without the need for valid login credentials.
Remediation
Administrators are advised to implement secure session management by validating authentication on every request and using stronger session tokens that cannot be easily manipulated. Critical endpoints should require proper authentication and cookies should be encrypted to protect sensitive information. Until these measures are in place, access to the management interface can be restricted through IP filtering, VPNs, or by disabling remote access.
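The remediation above contrasted with the flaw, as an added sketch that is not the vendor's firmware code: `weak_is_admin` models a check that trusts the 'state' and 'userName' cookies, while `SessionStore` validates an unguessable server-issued token on every request. The `session` cookie name, the `SessionStore` class, the timeout value and the `verify` callback are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 900  # seconds; assumed session lifetime for this sketch


def weak_is_admin(cookies):
    """Pattern the advisory describes: client-set cookies ARE the auth state."""
    return cookies.get("state") == "login" and cookies.get("userName") == "admin"


class SessionStore:
    """Server-side sessions keyed by a random token (hypothetical helper)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # token -> (username, expiry)

    def login(self, username, password, verify):
        # verify is a hypothetical credential-check callback from the caller.
        if not verify(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (username, self._clock() + self._ttl)
        return token

    def authenticate(self, cookies):
        """Run on every request; returns the session's username or None."""
        token = cookies.get("session")
        entry = self._sessions.get(token) if token else None
        if entry is None:
            return None  # unknown or missing token: other cookies are ignored
        username, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[token]  # expired sessions are dropped
            return None
        # Identity comes from server state, never from a userName cookie.
        return username

    def logout(self, cookies):
        self._sessions.pop(cookies.get("session"), None)
```

When the token is sent to the browser, set the cookie with the `HttpOnly` and `Secure` attributes so page scripts cannot read it and it is never sent over plain HTTP.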
