High Risk Vulnerabilities Addressed in Big Monitoring Fabric
2020-01-02 13:03

Two high-severity vulnerabilities recently addressed in the Big Monitoring Fabric application could allow an attacker to remotely access affected systems.

Developed by Big Switch Networks, Big Monitoring Fabric is a hybrid cloud visibility and security solution designed to provide customers with the ability to monitor physical, virtual and cloud environments, all through a single dashboard.

The first bug can be exploited by an unauthenticated remote attacker to gain administrative access to the Big Monitoring Fabric application, as well as SSH console access to the affected system.

The researchers then sent an API request to remove a low-privilege read-only user from the read-only group, added the user to the admin group, and authenticated to Big Monitoring Fabric as that user, which now had administrative privileges.

Bishop Fox found the vulnerabilities in Big Monitoring Fabric 7.1.x, but security fixes were also delivered to versions 6.2.x, 6.3.x, and 7.0.x of the application, given that other customers had deployed these versions in their environments, Big Switch Networks told SecurityWeek via email.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/e_v_V_l3HpE/high-risk-vulnerabilities-addressed-big-monitoring-fabric