Details
Affected product(s):
Axigen 10.3.0.*, 10.3.1.*; fixed starting with 10.3.1.27
Axigen 10.3.2.*; fixed starting with 10.3.3 (10.3.3.1)
Vulnerability type: Authentication bypass
Affected component(s): Axigen (through WebAdmin)
Prerequisites: the Axigen WebAdmin web interface needs to be exposed, and at least one WebAdmin authentication needs to have been performed.
Summary: This vulnerability allows unauthenticated attackers to submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account.
Description: Unauthenticated attackers can submit a setAdminPassword operation request, subsequently setting a new arbitrary password for the admin account. After the initial installation and onboarding are completed and a first authentication in WebAdmin has been performed, a setAdminPassword request can be made to set a new admin password. This request is accepted without any authentication, so the only prerequisite for performing it is that the WebAdmin portal is accessible to the attacker.
Acknowledgement: Thomas Vanderhoydonck, Alexander Barakazian and Nabeel Ahmed of NTT Belgium
Solution
Upgrade now from your WebAdmin or download and install Axigen 10.3.3
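For administrators checking an inventory of Axigen installations against the affected and fixed versions listed under Details, the following is an added example (not Axigen's own code) that classifies a version string using only the ranges stated in this advisory; it assumes versions are dotted numeric strings such as "10.3.1.26".

```python
# Added example, not part of the Axigen advisory: classify an Axigen build
# against the affected ranges and fixed builds stated in the advisory.
# Assumption: version strings are dotted numerics, e.g. "10.3.1.26".
from typing import Optional, Tuple

# Affected branches (major, minor, patch) and the first fixed build for each,
# taken from the advisory. 10.3.0.* has no fix on its own branch; the fix
# for it is the same 10.3.1.27 build that fixes 10.3.1.*.
FIX_FOR_BRANCH = {
    (10, 3, 0): (10, 3, 1, 27),
    (10, 3, 1): (10, 3, 1, 27),
    (10, 3, 2): (10, 3, 3, 1),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '10.3.1.27' into (10, 3, 1, 27); reject non-numeric input."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the build is on an affected branch and older than its fix."""
    v = parse_version(version)
    if len(v) < 3:
        raise ValueError(f"need at least major.minor.patch: {version!r}")
    fix = FIX_FOR_BRANCH.get(v[:3])
    if fix is None:
        return False  # branch not listed as affected (e.g. 10.3.3.x)
    return v < fix    # tuple comparison covers the build number


def required_upgrade(version: str) -> Optional[str]:
    """Minimum fixed build for an affected version, or None if not affected."""
    if not is_affected(version):
        return None
    fix = FIX_FOR_BRANCH[parse_version(version)[:3]]
    return ".".join(str(n) for n in fix)


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    for build in ["10.3.0.5", "10.3.1.26", "10.3.1.27", "10.3.2.3", "10.3.3.1"]:
        state = "affected" if is_affected(build) else "fixed/not affected"
        print(build, state, required_upgrade(build) or "")
```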