Published:2020/09/30  Last Updated:2020/09/30

JVN#07426151
InfoCage SiteShell installs their files with improper access permissions

Overview

InfoCage SiteShell installs their files with improper access permissions.

Products Affected

  • Host type SiteShell for IIS V1.4
  • Host type SiteShell for IIS V1.5
  • Host type SiteShell for IIS V1.6
  • Host type SiteShell for IIS prior to revision V2.0.0.6
  • Host type SiteShell for IIS prior to revision V2.1.0.7
  • Host type SiteShell for IIS prior to revision V2.1.1.6
  • Host type SiteShell for IIS prior to revision V3.0.0.11
  • Host type SiteShell for IIS prior to revision V4.0.0.6
  • Host type SiteShell for IIS prior to revision V4.1.0.5
  • Host type SiteShell for IIS prior to revision V4.2.0.1
  • Host type SiteShell for Apache Windows V1.4
  • Host type SiteShell for Apache Windows V1.5
  • Host type SiteShell for Apache Windows V1.6
  • Host type SiteShell for Apache Windows prior to revision V2.0.0.6
  • Host type SiteShell for Apache Windows prior to revision V2.1.0.7
  • Host type SiteShell for Apache Windows prior to revision V2.1.1.6
  • Host type SiteShell for Apache Windows prior to revision V3.0.0.11
  • Host type SiteShell for Apache Windows prior to revision V4.0.0.6
  • Host type SiteShell for Apache Windows prior to revision V4.1.0.5
  • Host type SiteShell for Apache Windows prior to revision V4.2.0.1

Description

InfoCage SiteShell provided by NEC Corporation installs their files with improper access permissions (CWE-732).
Especially, the service executable files can be modified by Everyone users.

Impact

The service executable files may be modified by local users, resulting in arbitrary code execution with an elevated privilege.

Solution

Apply the Patch
Update the software to the appropriate revision according to the information provided by the developer.

The developer has released the following patches:

  • V2.0.0.6
  • V2.1.0.7
  • V2.1.1.6
  • V3.0.0.11
  • V4.0.0.6
  • V4.1.0.5
  • V4.2.0.1
According to the developer, V1.4, V1.5 and V1.6 are End-of-Standard-Support and no patches available, users should upgrade them to V2.0 or higher.

Vendor Status

Vendor Status Last Update Vendor Notes
NEC Corporation Vulnerable 2020/09/30

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score: 7.8
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:L/AC:L/Au:S/C:C/I:C/A:C
Base Score: 6.8
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5632
JVN iPedia JVNDB-2020-000066