CVE-2017-18822
Description
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vertical privilege escalation vulnerability in NETGEAR fully managed switches allows low-privileged users to gain administrative access.
Vulnerability
A vertical privilege escalation vulnerability exists in multiple NETGEAR fully managed switch models, including M4300-28G, M4300-52G, M4300-28G-POE+, M4300-52G-POE+, M4300-8X8F, M4300-12X12F, M4300-24X24F, M4300-24X, M4300-48X, and M4200, running firmware versions prior to 12.0.2.15. The flaw allows a user with low privileges to escalate their privileges to a higher level, such as administrative access. The exact mechanism is not detailed in the available references, but the vulnerability is classified as a vertical privilege escalation [1].
Exploitation
An attacker needs local access to the affected device with low-privileged credentials (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); no user interaction is required. The advisory does not disclose how a low-privileged account is turned into higher privileges, so no exploitation steps are known from the available references [1].
Impact
Successful exploitation allows the attacker to gain elevated privileges, potentially leading to full administrative control over the switch. This results in a complete compromise of confidentiality, integrity, and availability (C:H/I:H/A:H) of the device and its managed network traffic. The CVSS v3 base score is 7.8 (High) [1].
Mitigation
NETGEAR has released firmware version 12.0.2.15 to address this vulnerability for all affected models. Users are strongly advised to download and install the latest firmware from the NETGEAR Support website. No workarounds are provided, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].
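Because the only documented fix is the firmware upgrade, the practical check is whether each managed switch in an inventory is one of the listed models and still runs a build below 12.0.2.15. The script below is an added example written for this page, not NETGEAR tooling; the model list and fixed version come from the advisory above, while the `hostname,model,firmware` inventory format and the inventory rows themselves are constructed assumptions. It compares versions numerically, because a plain string comparison would rank `12.0.2.9` above `12.0.2.15` and report a vulnerable build as fixed.

```python
"""Audit a switch inventory against the CVE-2017-18822 fixed firmware.

Added example, not NETGEAR's own tooling. AFFECTED_MODELS and FIXED_VERSION
are taken from the advisory; the inventory line format and sample rows are
assumptions constructed for this example.
"""
from dataclasses import dataclass

# Models named in the advisory; every one is fixed at the same version.
AFFECTED_MODELS = frozenset({
    "M4300-28G", "M4300-52G", "M4300-28G-POE+", "M4300-52G-POE+",
    "M4300-8X8F", "M4300-12X12F", "M4300-24X24F", "M4300-24X",
    "M4300-48X", "M4200",
})
FIXED_VERSION = "12.0.2.15"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '12.0.2.15' into (12, 0, 2, 15) so comparison is numeric.

    String comparison gets this wrong: '12.0.2.9' > '12.0.2.15' as text,
    which would mark a vulnerable build as patched.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(model: str, firmware: str) -> bool:
    """True when the model is in the advisory and firmware is below 12.0.2.15."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return False
    return parse_version(firmware) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Finding:
    hostname: str
    model: str
    firmware: str
    vulnerable: bool


def audit_inventory(lines) -> list[Finding]:
    """Parse 'hostname,model,firmware' lines (assumed format) and flag each."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        hostname, model, firmware = (field.strip() for field in line.split(","))
        findings.append(Finding(hostname, model, firmware,
                                is_vulnerable(model, firmware)))
    return findings


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = """\
# hostname,model,firmware
core-sw1,M4300-52G,12.0.2.9
core-sw2,M4300-52G,12.0.2.15
edge-sw7,M4200,12.0.2.15
edge-sw8,M4300-24X,11.0.0.10
lab-sw1,GS108,1.0.0.1
"""

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY.splitlines()):
        status = "VULNERABLE" if finding.vulnerable else "ok"
        print(f"{finding.hostname:10} {finding.model:15} "
              f"{finding.firmware:10} {status}")
```

Feed it the output of whatever inventory export you already have, one device per line in the assumed format; a version string that does not parse as dotted integers raises rather than silently passing, so unexpected builds surface instead of being reported as fixed.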
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
NETGEAR/M4300-28G
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.