Perle IOLAN STS/SCS Terminal Servers OS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in Perle IOLAN STS and SCS terminal server models running firmware prior to 6.0. This vulnerability allows authenticated users to inject arbitrary operating system commands with root privileges. The issue arises in the restricted shell accessed via Telnet or SSH, where the 'ps' command fails to properly sanitize arguments. An authenticated attacker can exploit this flaw by injecting shell metacharacters after the 'ps' subcommand, executing arbitrary commands and potentially compromising the entire operating system.

Impact

Exploitation of this vulnerability leads to unauthorized execution of commands with root privileges, allowing for a full compromise of the device's operating system.

Reproduction

To reproduce this vulnerability, an authenticated user must log into a vulnerable Perle IOLAN STS or SCS terminal server model via Telnet or SSH. Once logged in, the user can access the restricted shell and issue the 'ps' command. Because the arguments to 'ps' are not sanitized, shell metacharacters appended after the subcommand are interpreted rather than treated as literal text, and the commands they introduce are executed as root.

Remediation

Users are advised to update to IOLAN STS/SCS firmware version 6.0 or later, where this vulnerability has been addressed.
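For developers of similar restricted shells, the bug class described under Vulnerability and its fix can be sketched as follows. This is an added example, not Perle's code: the function names, the allow-list, the argument limit and the /bin/ps path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Vulnerable pattern (assumed, for contrast): the argument text reaches a shell.
 *     snprintf(cmd, sizeof cmd, "ps %s", user_args);
 *     system(cmd);        -- /bin/sh interprets any metacharacters in user_args
 */
#define PS_ALLOWED "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-,="

/* A token is acceptable only if it is non-empty and made of allow-listed bytes. */
static int token_ok(const char *t) {
    return *t != '\0' && t[strspn(t, PS_ALLOWED)] == '\0';
}

/* Split user_args in place on blanks into argv[1..]; returns argc, or -1 to refuse.
 * max is the number of slots in argv, including the terminating NULL. */
int build_ps_argv(char *user_args, char *argv[], int max) {
    int argc = 0;
    argv[argc++] = "ps";
    for (char *t = strtok(user_args, " \t"); t; t = strtok(NULL, " \t")) {
        if (!token_ok(t) || argc >= max - 1) return -1;
        argv[argc++] = t;
    }
    argv[argc] = NULL;
    return argc;
}

/* Hardened handler: validate first, then exec ps directly so no shell parses input. */
int run_ps(char *user_args) {
    char *argv[10];                          /* "ps" + up to 8 options + NULL */
    if (build_ps_argv(user_args, argv, 10) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv("/bin/ps", argv); _exit(127); }  /* path is an assumption */
    int status;
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}

int main(void) {
    char ok[] = "-e -o pid,comm";            /* constructed sample input */
    char bad[] = "-e; echo injected";        /* constructed sample input */
    printf("ok accepted=%d, bad accepted=%d\n", run_ps(ok) >= 0, run_ps(bad) >= 0);
    return 0;
}
```

The allow-list and the direct exec are independent layers: even if a character slips through validation, no shell is present to interpret it.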

Added: Mar 17, 2026, 4:31 PM
Updated: Mar 17, 2026, 4:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.6
remediation: 0.0
relevance: 4.0
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.