Vulnerability in sshrelay in privileged access manager provides full system access.
Description
An SSH-authenticated user, when accessing the PAM server, can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated SSH users can execute arbitrary OS commands on NetIQ Privileged Access Manager before 3.7.0.1, leading to full system compromise.
Vulnerability
CVE-2020-11847 is a command injection vulnerability in NetIQ Privileged Access Manager (PAM). An authenticated SSH user can execute arbitrary OS commands using bash when accessing the PAM server. This affects all versions of Privileged Access Manager before 3.7.0.1 (Patch Update 1). The exact component is not specified in the available reference, but the vulnerability allows command execution via the SSH session [1].
Exploitation
An attacker must have valid SSH credentials to authenticate to the PAM server. Once authenticated, the attacker can execute arbitrary OS commands by leveraging the bash shell. The reference does not provide specific exploitation steps, but the attack vector involves sending crafted input during the SSH session to trigger command execution [1].
Impact
Successful exploitation grants the attacker full system access with the privileges of the PAM server process. This can lead to complete compromise of the affected system, including data exfiltration, installation of backdoors, and lateral movement within the network. The impact is severe due to the high privileges obtained [1].
Mitigation
The vulnerability is fixed in Privileged Access Manager version 3.7.0.1 (Patch Update 1), released in June 2020. Users should upgrade to this version or later. No workarounds are documented in the available reference. The CVE is not listed on the CISA Known Exploited Vulnerabilities catalog as of the publication date [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
(2)
- Range: <3.7.0.1
- OpenText/Privileged Access Manager v5, range: 3.7.0.1
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.