Other official information and services: www.belgium.be

Warning: Multiple high severity vulnerabilities in NEC's EXPRESSCLUSTER X and CLUSTERPRO X

Referentie:

Advisory #2023-139

Versie:

1.0

Geïmpacteerde software:

CLUSTERPRO X Ver5.1 and earlier

EXPRESSCLUSTER X 5.1 and earlier

CLUSTERPRO X SingleServerSafe 5.0 and earlier

EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier

Type:

Missing authentication, Files or Directories Accessible to External Parties, Authentication Bypass Capture-replay Authentication Bypass, Unrestricted Upload of File with Dangerous Type

CVE/CVSS:

CVE-2023-39544 / 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-39545 / 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVE-2023-39546 / 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVE-2023-39547 / 7.5 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2023-39548 / 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Datum:

23/11/2023

Bronnen

https://jpn.nec.com/security-info/secinfo/nv23-009_en.html

Risico’s

Multiple high-severity vulnerabilities are affecting NEC's CLUSTERPRO X and EXPRESSCLUSTER X, a software solution for high availability and remote disaster recovery preventing data loss.

All five vulnerabilities have a HIGH impact on Confidentiality and Integrity.

Similar technologies have been targeted in the past during ransomware incidents where they constituted high-value targets for attackers.

Beschrijving

CVE-2023-39544: Missing Authentication

An attacker who can log in to the product can execute arbitrary commands. CVE-2023-39545: Files or Directories Accessible to External Parties An attacker who can log in to the product can obtain files containing credentials via the HTTP API.

CVE-2023-39546: Authentication Bypass

A remote attacker can use the 'Pass-The-Hash Attack' technique and attempt to log in to the product's WebUI as an administrator.

CVE-2023-39547: Capture-replay Authentication Bypass

A remote attacker may obtain sensitive information such as the contents of configuration files.

CVE-2023-39548: Unrestricted Upload of File of any type

A remote attacker can upload and execute an arbitrary script with administrative privileges.

Aanbevolen acties

Patch

The Centre for Cyber Security Belgium strongly recommends system administrators to visit NEC's Support Portal to download and install the patched versions of this software for Windows or Linux.

Windows: https://www.support.nec.co.jp/View.aspx?id=3150116748
Linux: https://www.support.nec.co.jp/View.aspx?id=3150116750

Mitigate

Apply the following workaround to avoid the impacts of these vulnerabilities:

• Disable "Enable WebManager Service" of WebManager/Cluster WebUI.

If disabling WebManager Service is not possible, applying one of the following workarounds may mitigate the impacts of these vulnerabilities:

• Use firewall and block untrusted communication.
• Allow connection requests to WebManager HTTP Port (Default: 29003/TCP) only from the trusted clients.
• Set the communication scheme of WebManager/Cluster WebUI to HTTPS (for EXPRESSCLUSTER X 4.0 and later).

Referenties

http://jvn.jp/en/vu/JVNVU98954968/index.html

https://www.cve.org/CVERecord?id=CVE-2023-39544
https://www.cve.org/CVERecord?id=CVE-2023-39545
https://www.cve.org/CVERecord?id=CVE-2023-39546
https://www.cve.org/CVERecord?id=CVE-2023-39547
https://www.cve.org/CVERecord?id=CVE-2023-39548