PT-2011-24: Security Restrictions Bypassing in Arbor Peakflow X

Vulnerable software

Arbor Peakflow X
Version: 4.2.3 and earlier

Severity level

Severity level: Medium
Impact: Security Restrictions Bypassing
Access Vector: Remote

CVSS v2:
Base Score: 6.8
Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)

CVE: CVE-2011-4637

Software description

The Arbor Networks Peakflow X solution (“Peakflow X”) was purpose-built to meet the demands of the largest enterprises, addressing a wide range of external and internal security threats while maintaining business continuity. It constructs a system-wide view of the entire network, auto-learning host behaviors to determine who talks to whom, and how.

Vulnerability description

The specialists of the Positive Research center have detected a Security Restrictions Bypassing vulnerability in Arbor Peakflow X.

Any user registered in the system can perform the following actions:
- Lock any system users with any privileges except the user "admin."
- Unlock any locked system users with any privileges except the user "admin."

Example:
The following users are registered in the system:
admin (default user), admin1, admin2 – in the group system_admin (administrators)
analyst1, analyst2 – in the group system_analyst (analysts)
user1, user2 – in the group system_user (users)
usernotgroup – users who have the right only to enter CLI (login_cli)
Then, for example, the user usernotgroup can lock all other users except admin.

How to fix

Update your software up to the latest version

Advisory status

12.07.2011 - Vendor is notified
19.07.2011 - Vendor gets vulnerability details
02.03.2012 - Vendor releases fixed version and details
31.10.2013 - Public disclosure

Credits

The vulnerability was detected by Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)

References

http://en.securitylab.ru/lab/PT-2011-24

Reports on the vulnerabilities previously discovered by Positive Research:

http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/