{"vuid":"VU#930956","idnumber":"930956","name":"Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem","keywords":["CVE-2015-0932","rsync","CWE-276"],"overview":"ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate has been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.","clean_desc":"CWE-276: Incorrect Default Permissions The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication. A remote unauthenticated attacker may read or modify any file on the device's filesystem. More details can be found in a blog post from Cylance, Inc. Devices containing affected firmware include: IG 3100 model 3100, model 3101\nInnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series\nInnGate 3.01 G-Series, 3.10 G-Series","impact":"A remote unauthenticated attacker may read or modify any file on the device's filesystem.","resolution":"Update the firmware According to the ANTlabs Security Advisory, a software update addressing this vulnerability has been released. Users are encouraged to upgrade affected devices' software as soon as possible. Affected users may contact ANTlabs Support (tech-support@antlabs.com) for more information or to obtain the software update. If a firmware update is currently not possible, the following workaround may help mitigate this issue.","workarounds":"Block rsync Administrators may block unrestricted access to the rsync TCP port 873 on the affected network.","sysaffected":"","thanks":"Credit to Justin W. Clarke of Cylance Inc. for reporting this vulnerability. Also a thank you to ANTlabs for quickly addressing this vulnerability.","author":"This document was written by Garret Wassermann.","public":["http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133","http://blog.cylance.com/spear-team-cve-2015-0932","http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"],"cveids":["CVE-2015-0932"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-02-17T13:00:41Z","publicdate":"2015-03-26T00:00:00Z","datefirstpublished":"2015-03-26T13:23:54Z","dateupdated":"2015-03-26T14:59:03Z","revision":50,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.3","cvss_environmentalscore":"6.19533741456","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}