BlueCat Networks is aware of this situation involving the CLI (known as the Adonis Administration Console) that can give an admin user unauthorized root privileges on the system. This situation may only arise if an administrator has admin login capabilities to the CLI whether through SSH access or direct access to the system ? i.e. monitor and keyboard. Please note that this situation is only possible if someone has both access to the system and the admin password. In most customer environments such access should be highly restricted to trusted personnel. Commonly, those trusted personnel have access to the system with both the admin and the root passwords, which will give them root access regardless. We would like to note that the Proteus IPAM appliance is not affected by this issue We are currently investigating this issue with the intention of amending the product to diminish the likelihood of this occurring. A patch should be available shortly. In the meantime, we are recommending that customers do all of the following: 1. Check administrative access ? make sure that only trustworthy people are chosen as administrators, so that only they will have access to the system, and will not abuse it. 2. Change passwords if necessary and distribute new passwords only to valid trusted admins. 3. Disable SSH remote access to the Adonis system ? this will prevent users from accessing the system remotely requiring direct access to the Adonis system for CLI access. 4. Ensure that the Adonis system is physically secured ? this will prevent unauthorized users from accessing the CLI. Kindest regards, BlueCat Networks Security
