Bastillion Command Injection Vulnerability in System Management Module

Vulnerability

A command injection vulnerability exists in Bastillion versions through 4.0.1, specifically within the System Management Module. The issue arises in the file 'SystemKtrl.java', where the 'authorized_keys' path parameter is accepted without validation or escaping and is later used in the command that installs keys on a managed host. An authenticated user with system management privileges can therefore place shell syntax in the path and have it executed on the remote system during SSH key distribution.

Impact

Exploitation of this vulnerability allows an authenticated user to execute arbitrary commands on any remote system managed by Bastillion, running with the privileges of the account Bastillion uses to connect. This can lead to unauthorized modification or deletion of system files, exfiltration of sensitive data, privilege escalation, and compromise of SSH authentication integrity, since the attacker controls where and how keys are written.

Reproduction

To reproduce this vulnerability, an authenticated user with system creation or edit privileges navigates to the system management interface and creates a new system (or edits an existing one). The 'authorized_keys' path field is set to a value that appends a command to the path, for example a shell separator followed by the command to run. Once the system is saved, the application executes the injected command on the remote host when it distributes SSH keys to that system. Note that the injection is triggered by the key distribution step, not by saving the form itself.
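The following is an added example, not code from Bastillion or from this advisory. It assumes that the key-distribution step assembles a shell command line on the managed host which embeds the user-supplied 'authorized_keys' path (the exact command shape below is hypothetical). It shows the vulnerable concatenation pattern next to a hardened version that validates the path against an allowlist and shell-quotes every value, and uses a small shell tokenizer to confirm that the injected path really splits the command line into two commands. The sample path, payload and public key are constructed for the demonstration.

```python
import re
import shlex

# Constructed sample inputs (not from the advisory): a legitimate path and the
# same path with a command appended, as an attacker would enter it in the form.
SAFE_PATH = "/home/ubuntu/.ssh/authorized_keys"
INJECTED_PATH = "/home/ubuntu/.ssh/authorized_keys; touch /tmp/pwned #"
PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterial user@example"


def unsafe_distribute_cmd(authorized_keys_path: str, pubkey: str) -> str:
    """Vulnerable pattern (assumed shape): the user-controlled path is pasted
    straight into the command line. A ';' in the path ends the intended
    command and everything after it runs as a second command."""
    return "echo '" + pubkey + "' >> " + authorized_keys_path


# Allowlist for one path segment: no separators, no shell metacharacters.
_SEGMENT = re.compile(r"^[A-Za-z0-9._-]+$")


def validate_authorized_keys_path(path: str) -> str:
    """Accept only an absolute file path whose segments match the allowlist.
    '.' and '..' are rejected explicitly because the regex alone would allow them."""
    if not path.startswith("/"):
        raise ValueError("authorized_keys path must be absolute")
    segments = path.split("/")[1:]
    if not segments or segments[-1] == "":
        raise ValueError("path must name a file, not a directory")
    for seg in segments:
        if seg in ("", ".", "..") or not _SEGMENT.match(seg):
            raise ValueError(f"illegal path segment: {seg!r}")
    return path


def is_safe_path(path: str) -> bool:
    try:
        validate_authorized_keys_path(path)
        return True
    except ValueError:
        return False


def safe_distribute_cmd(authorized_keys_path: str, pubkey: str) -> str:
    """Hardened form: validate first, then shell-quote every interpolated value
    (defense in depth, so a future relaxation of the allowlist is still safe)."""
    path = validate_authorized_keys_path(authorized_keys_path)
    return "printf '%s\\n' " + shlex.quote(pubkey) + " >> " + shlex.quote(path)


def count_shell_commands(cmd: str) -> int:
    """Count top-level commands in a shell line by tokenizing it the way a POSIX
    shell would and counting control operators between words."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    operators = {";", "&&", "||", "|", "&"}
    return 1 + sum(1 for tok in lex if tok in operators)


if __name__ == "__main__":
    bad = unsafe_distribute_cmd(INJECTED_PATH, PUBKEY)
    print("vulnerable command line :", bad)
    print("commands the shell sees :", count_shell_commands(bad))
    print("injected path accepted? :", is_safe_path(INJECTED_PATH))
    print("hardened command line   :", safe_distribute_cmd(SAFE_PATH, PUBKEY))
```

When checking a deployment, the same idea applies in reverse: any 'authorized_keys' value stored for a system that fails the allowlist above (separators, backticks, '$(', quotes, or whitespace) is worth treating as an indicator of attempted abuse, and the key-distribution commands actually sent over SSH are where the injected text would show up in host-side auditing.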

Added: Jan 17, 2026, 9:19 PM
Updated: Jan 17, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.1
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.