PT-2011-24: Security Restrictions Bypassing in Arbor Peakflow X Vulnerable softwareArbor Peakflow X Version: 4.2.3 and earlierLink: http://www.arbornetworks.com/Severity levelSeverity level: Medium Impact: Security Restrictions Bypassing Access Vector: Remote CVSS v2: Base Score: 6.8 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C)CVE: CVE-2011-4637Software descriptionThe Arbor Networks Peakflow X solution (“Peakflow X”) was purpose-built to meet the demands of the largest enterprises, addressing a wide range of external and internal security threats while maintaining business continuity. It constructs a system-wide view of the entire network, auto-learning host behaviors to determine who talks to whom, and how. Vulnerability descriptionThe specialists of the Positive Research center have detected a Security Restrictions Bypassing vulnerability in Arbor Peakflow X.Any user registered in the system can perform the following actions: - Lock any system users with any privileges except the user "admin." - Unlock any locked system users with any privileges except the user "admin."Example: The following users are registered in the system: admin (default user), admin1, admin2 – in the group system_admin (administrators) analyst1, analyst2 – in the group system_analyst (analysts) user1, user2 – in the group system_user (users) usernotgroup – users who have the right only to enter CLI (login_cli) Then, for example, the user usernotgroup can lock all other users except admin.How to fixUpdate your software up to the latest versionAdvisory status12.07.2011 - Vendor is notified 19.07.2011 - Vendor gets vulnerability details 02.03.2012 - Vendor releases fixed version and details 31.10.2013 - Public disclosureCreditsThe vulnerability was detected by Dmitriy Gutsko, Positive Research Center (Positive Technologies Company)Referenceshttp://en.securitylab.ru/lab/PT-2011-24 Reports on the vulnerabilities previously discovered by Positive Research:http://www.ptsecurity.com/research/advisory/ http://en.securitylab.ru/lab/
