A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations.
Aimed at financial institutions and insurance firms, OpCon is a cross-platform process automation and orchestration solution that can be used for the management of workloads across business-critical operations.
Tracked as CVE-2022-2154, the issue results in the same SSH key being delivered on every installation and subsequent updates, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University explains in an advisory.
The SSH public key is added to the root account’s authorized_keys file during the agent’s installation, and the entry remains there even after the OpCon software has been removed.
The installation files also include a corresponding, unencrypted private key named “sma_id_rsa.”
“An attacker with access to the private key included with the OpCon UNIX agent installation files can gain SSH access as root on affected systems,” CERT/CC noted.
The bug impacts version 21.2 and earlier of the OpCon UNIX agent. SMA Technologies, which was informed of the security issue in March, told CERT/CC that it has already updated the version 21.2 package to remove the vulnerability.
“We have analyzed the reported vulnerability and have created a utility that can be applied to remove the vulnerability from affected systems. The utility should be run as soon as possible to all UNIX/Linux/AIX systems using the OpCon UNIX agent to prevent any potential exploitation,” the company said.
SMA says its removal tool checks the authorized_keys file for the vulnerable SSH key and moves it from there, while informing the user that it has found and removed it. It also removes the vulnerable public and private keys from other folders where they might reside.
The issue can also be addressed by manually removing the SSH key entry from root’s authorized_keys file, CERT/CC notes.
Related: Cisco Patches Critical Vulnerability in Email Security Appliance
Related: ‘Follina’ Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware
Related: Critical U-Boot Vulnerability Allows Rooting of Embedded Systems
More from Ionut Arghire
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- GitHub Rotates Publicly Exposed RSA SSH Private Key
Latest News
- QuSecure and Accenture Test Multi-Orbit Communications Link Using Post-Quantum Cryptography
- What Makes an Effective Anti-Bot Solution?
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
