Chat now with support
Chat with Support
Self Service Tools
Knowledge Base
My Account
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Support Essentials
Awards and Testimonials
Getting Started
License Agreement
Support Guide

Foglight Product Notification

Return
Critical Alerts
Critical Notification

Foglight Management Server (remote code execution vulnerability) 

 

A critical security vulnerability concerning a hidden service account on the Foglight Management Server was notified to us by the Zero Day Initiative (ZDI).  There are no known instances of this exploit being used against production Foglight systems.  The vulnerability can be used to create an internal administration account which can subsequently be used for remote code execution.  Please check the CVE entry for more details about the security vulnerability. All currently supported versions of the Foglight Management Server are affected.

How does this affect me?

The service account vulnerability in Foglight affects all currently supported versions and all platforms. This may allow remote code execution after creating an internal administrative account.

Workaround

If you are using any version of Foglight, please see Knowledge Base article 315091 for instructions on how to apply HotFix HFIX-314.

Status

The next releases of the Foglight Management Server will include this fix. Notifications will be sent out regarding new releases when available in the usual manner. 

Failure to apply this Hotfix will leave your system vulnerable.