This issue could lead to the leaking of credentials and other sensitive information. The knox_vpn_policy service is used in most enterprise scenarios to deploy VPN connections, where it is configured on a per-VLAN basis according to the customer's needs. For example, a customer who needs to allow only certain IPs to connect to the VPN can configure knox_vpn_policy accordingly. The service can be configured either through a global configuration file or per VLAN through its “override” feature, which customizes the per-VLAN configuration. In either case, knox_vpn_policy allows configuration of individual VLANs. An attacker can access the knox_vpn_policy service

1.2 Introduction to knox_vpn_policy Service

If an attacker manages to gain access to the knox_vpn_policy service, he can then use this service to deploy VPN clients. The attacker can either deploy a new VPN client or modify the existing one. In both cases, the attacker will be able to see all the configuration and credentials for any VPN client that is deployed using this service.

In some cases, if an attack is too advanced and the customer does not have visibility into their configurations, the customer should configure knox_vpn_policy on a per-vlan basis. This will allow them to take corrective actions in case something goes wrong after deployment of their VPN clients.

Access knox_vpn_policy Service

An attacker can access the knox_vpn_policy service by opening a service socket on port 5004 of the Knox server. An attacker can use this to send commands to the knox_vpn_policy service for configuring a VPN connection or deleting a VPN connection.

Description of the issue

An attacker can access the knox_vpn_policy service by performing a non-privileged SSH connection to the Knox server.
The knox_vpn_policy service is used in most enterprise scenarios to deploy VPN connections, where it is configured on a per-VLAN basis according to the customer's needs. For example, a customer who needs to allow only certain IPs to connect to the VPN can configure knox_vpn_policy accordingly. The service also has a feature called “override” for per-VLAN configuration. This overrides any global configurations from PCF or from VNFs managed by a NetScaler appliance and provides granular control over the provisioning of VPN services at different layers of network abstraction.

An Overview of the knox_vpn_policy Service

The knox_vpn_policy service allows configuration of individual VLANs. It also has a feature called “override” that can be used to configure the service on a per-VLAN basis, customizing the entire configuration without modifying the global configuration file. An attacker can access the knox_vpn_policy service using the default password "temppass" and bypass the control of Knox by logging in with this account on any VLAN configured in the policy.

Timeline

Published on: 10/07/2022 15:15:00 UTC
Last modified on: 10/08/2022 13:16:00 UTC

References