PT-2011-24: Security Restrictions Bypassing in Arbor Peakflow X
Arbor Peakflow X
Version: 4.2.3 and earlier
Severity level: Medium
Impact: Security Restrictions Bypassing
Access Vector: Remote
Base Score: 6.8
The Arbor Networks Peakflow X solution (“Peakflow X”) was purpose-built to meet the demands of the largest enterprises, addressing a wide range of external and internal security threats while maintaining business continuity. It constructs a system-wide view of the entire network, auto-learning host behaviors to determine who talks to whom, and how.
The specialists of the Positive Research center have detected a Security Restrictions Bypassing vulnerability in Arbor Peakflow X.
Any user registered in the system can perform the following actions:
- Lock any system users with any privileges except the user "admin."
- Unlock any locked system users with any privileges except the user "admin."
The following users are registered in the system:
admin (default user), admin1, admin2 – in the group system_admin (administrators)
analyst1, analyst2 – in the group system_analyst (analysts)
user1, user2 – in the group system_user (users)
usernotgroup – users who have the right only to enter CLI (login_cli)
Then, for example, the user usernotgroup can lock all other users except admin.
How to fix
Update your software up to the latest version
12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure
The vulnerability was detected by Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)
Reports on the vulnerabilities previously discovered by Positive Research: