HTTP and HTTPS Access Vulnerability
Summary
A vulnerability has been identified in a third-party package used by Allied Telesis AR series devices running AlliedWare Plus that provides HTTP and HTTPS access to the firewall GUI.
This vulnerability makes it possible to bypass user authentication and gain unauthorized access to an AR series device running AlliedWare Plus.
Version: C613-14016-00 REV D.
- Target Products: AR series devices that run the AlliedWare Plus OS software version 5.4.5 or later.
- Affected: AR4050S, AR3050S, AR2050V, AR2010V
- Not affected: Vista Manager EX and its plug-ins are not vulnerable. Allied Telesis switches running AlliedWare Plus are not vulnerable.
- Impact: AR series devices that run AlliedWare Plus face the possibility of unauthorized access.
- Firmware Upgrades that resolve this issue: Version 5.4.7-2.6 and later.
- Further information: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8715