- 15 Feb 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Edge Filer Security Vulnerability
- Updated on 15 Feb 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Vulnerability Description
A vulnerability has been identified in the CTERA Edge Filer administrative interface that allows authenticated users to escalate their privileges. This vulnerability has been assessed by CTERA to have a moderate to high level of severity.
Vulnerability Details
Publication Date: Jan 31 2022
CTERA CVSS score of 6.2
Affected CTERA Products
- CTERA Edge Filer (All versions before 7.3.2376.27)
Analysis
This vulnerability is considered critical, as a logged in user that has write access to a file's extended attributes may execute arbitrary code .
CTERA products other than CTERA Edge Filers are not affected.
Workaround
If upgrade is not possible, it is advisable to block access to the administrative interface of the Edge Filer (port 443) for non-administrative users.
Permanent Solution
CTERA Edge Filer 7.3.2376.27, contains a fix for this issue. Customers who have not upgraded to this or a higher version are advised to schedule a short maintenance window for installing this patch version on their edge filers.