Quest Foglight Evolve CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability
ZDI-20-290
CVE ID | CVE-2020-8868
CVSS SCORE | 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
AFFECTED VENDORS | Quest
AFFECTED PRODUCTS | Foglight Evolve
VULNERABILITY DETAILS | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.
ADDITIONAL DETAILS | Quest has issued an update to correct this vulnerability. More details can be found at: https://support.quest.com/foglight/kb/315091/fms-5-9-5-hotfix-hfix-314
DISCLOSURE TIMELINE |
CREDIT | rgod of 9sg
FMS 5.9.5 Hotfix HFIX-314 (315091)
Title
FMS 5.9.5 Hotfix HFIX-314
Description
Quest Foglight CommandLineService Use of Hard-coded Credentials Remote Code Execution Vulnerability.
Cause
Defect ID | Resolved Issue
FGL-20406 | Fixed issue regarding Foglight Remote Code Execution Vulnerability ZDI-CAN-9553
Resolution
Download the hotfix file for Foglight here.
Download the hotfix file for Foglight for Evolve here.
Download the hotfix file for Foglight for Virtualization here.
Download the hotfix file for Foglight for Database here.
Download the hotfix file for Foglight for Storage here.
Compatibility of this hotfix
- Foglight Management Server 5.9.2, 5.9.3, 5.9.4, 5.9.5 and 5.9.6 All platforms
- Foglight Evolve 9.0 and 9.1 All platforms
- Foglight for Virtualization Enterprise 8.7.5, 8.8, 8.8.5, 8.9 and 8.9.1 All platforms
- Foglight for Database 5.9.2, 5.9.3, 5.9.5 All platforms
- Foglight for Storage 4.5.5, 4.6, 4.6.5, 4.7 and 4.8 All platforms
System requirements
This hotfix can be applied to all platforms and systems that are supported from Foglight 5.9.2 to 5.9.6.
Installing this hotfix
- Extract the hotfix script reset_internal_accounts_pwd.groovy from the hotfix archive.
- For an HA environment, stop all secondary nodes.
- Run the script reset_internal_accounts_pwd.groovy using the foglight administration account:
  Option 1: Run the script from the Foglight UI (User Interface)
  - Navigate to the Script Editor (Administration > Tooling > Script Console > Scripts tab).
  - Click the "Add" button.
  - Paste the script into the Script box and click Run. Note that it may take some time to complete.
  Option 2: Run the script from the Foglight command line
  - Make a remote connection to the Foglight Management Server, then copy and paste the script file into the %FMS_HOME\bin directory and type the following:
    Windows: %FMS_HOME\bin\fglcmd.bat -usr foglight -pwd -cmd script:run -f %FMS_HOME\reset_internal_accounts_pwd.groovy
    Linux: %FMS_HOME/bin/fglcmd.sh -usr foglight -pwd -cmd script:run -f %FMS_HOME/bin/reset_internal_accounts_pwd.groovy
  Check the script output for the success messages:
    Password reset success for __report__
    Password reset success for __service__
- Restart the FMS server.
- For an HA environment, start all secondary nodes.
Verifying successful completion
To determine if this hotfix is installed:
The script output contains the success message.
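One way to automate this output check, as an added shell example that is not part of Quest's hotfix or the original article: it takes the captured output of the script run and names any internal account whose success line is absent. The account names and message text are those shown in the article; the function name, variable names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Quest code). Account names and the message text
# come from the KB article; everything else here is hypothetical.
REQUIRED_ACCOUNTS="__report__ __service__"

# missing_resets OUTPUT
# Prints the internal accounts that have no "Password reset success" line
# in OUTPUT (space separated) and returns non-zero if any are missing.
missing_resets() {
    # Normalise: drop CRs (output captured from fglcmd.bat on Windows)
    # and leading/trailing whitespace on each line.
    mr_clean=$(printf '%s\n' "$1" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    mr_missing=""
    for mr_acct in $REQUIRED_ACCOUNTS; do
        # -x whole-line match, -F fixed string: a line that merely
        # mentions the account must not be counted as a success.
        if ! printf '%s\n' "$mr_clean" |
             grep -qxF "Password reset success for $mr_acct"; then
            mr_missing="${mr_missing:+$mr_missing }$mr_acct"
        fi
    done
    printf '%s' "$mr_missing"
    [ -z "$mr_missing" ]
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OK=$(printf 'Password reset success for __report__\r\nPassword reset success for __service__\r\n')
SAMPLE_PARTIAL='Password reset success for __report__'

# Demo: report the result for each constructed sample.
for mr_sample in "$SAMPLE_OK" "$SAMPLE_PARTIAL"; do
    if mr_left=$(missing_resets "$mr_sample"); then
        echo "all internal accounts confirmed reset"
    else
        echo "reset NOT confirmed for: $mr_left"
    fi
done
```

Because the hard-coded password belongs to __service__, a run that confirms only __report__ leaves the vulnerable account unchanged, so the check treats a partial result as a failure.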
Removing this hotfix
This hotfix cannot be uninstalled.