Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.
The RSH service in Infinera MTC-9 firmware versions from R22.1.1.0275 to R23.0 does not require authentication (CWE-306 — lack of access control mechanism). An attacker can use user accounts without passwords to connect to the RSH service without providing credentials. Subsequently, by activating reverse shell, they gain interactive access to the system shell on the targeted device. The entire attack can be conducted remotely over the network without any prior authorization.
An attacker gains full, unauthorized access to the device's operating system, allowing for reading confidential configuration data, modifying settings, disrupting network device operation, and potential lateral movement within the network.
Update Nokia Infinera MTC-9 firmware to version R23.0 or newer. Additionally, it is recommended to disable or restrict access to the RSH service at the network level (firewall, network segmentation) until the patch is deployed. Review and secure or remove user accounts without passwords.
Nokia Infinera MTC-9 with firmware version from R22.1.1.0275 to (but not including) R23.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNokia Infinera Mtc 9
HWNokiawszystkie wersjeNokia Infinera Mtc 9 Firmware
OSNokia22.1.1.0275 – 23.0 (bez)
Related vulnerabilities
Pominięcie uwierzytelnienia SSH w Nokia Infinera MTC-9 umożliwia RCE
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated user...
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the ser...
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash ...
Command injection w Nokia Wavesuite NOC — RCE przez aplikację webową