Announced 25 February 2021
CVSS 3.1 Score: 9.8 (Critical)
A remote command execution (RCE) vulnerability affects the following IGEL products:
- IGEL OS 11
- IGEL OS 10
An external penetration test has found that the TLS connector service used in IGEL OS for secure shadowing and secure terminal is vulnerable to command injection. This vulnerability enables remote command execution in IGEL OS.
- IGEL OS 11: Update to IGEL OS 11.04.270 or newer.
- IGEL OS 11.03.* branch: Update to version 11.03.620 or newer.
- IGEL OS 10: Upgrade to IGEL OS 10.06.220 or newer.
Disable secure shadowing; see Shadow. However, it is not advisable to use unencrypted shadowing instead.
Disable secure terminal; see Secure Terminal.
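
The following is an added example, not part of the IGEL advisory: it triages a firmware inventory against the fixed versions listed above, including the separate fixed build for the 11.03.* branch. The CSV layout, hostnames and on/off flags are constructed. Treating a device as "mitigated" only when both secure shadowing and secure terminal are disabled is an assumption, as is accepting version strings with more than three dotted parts.

```python
import csv
import io
import re

# Fixed builds, taken from the advisory text above.
FIXED_11 = (11, 4, 270)
FIXED_11_03 = (11, 3, 620)
FIXED_10 = (10, 6, 220)

# Constructed sample inventory: hosts, versions and flags are made up.
SAMPLE_INVENTORY = """\
host,version,secure_shadowing,secure_terminal
tc-001,11.04.270,on,on
tc-002,11.04.100,on,off
tc-003,11.03.620,on,on
tc-004,11.03.500,off,off
tc-005,10.06.190,off,on
tc-006,11.05.100.01,on,on
tc-007,unknown,on,on
"""

def parse_version(text):
    # Dotted-numeric with at least three parts, otherwise None.
    if not re.fullmatch(r"\d+(?:\.\d+){2,}", text.strip()):
        return None
    return tuple(int(p) for p in text.strip().split("."))

def classify(version, secure_shadowing, secure_terminal):
    v = parse_version(version)
    if v is None or v[0] not in (10, 11):
        return "unknown"  # unparseable, or a release the advisory does not list
    if v[0] == 10:
        fixed = v >= FIXED_10
    elif v[:2] == (11, 3):
        fixed = v >= FIXED_11_03  # the 11.03.* branch has its own fixed build
    else:
        fixed = v >= FIXED_11
    if fixed:
        return "fixed"
    # Assumption: only count as mitigated when both services are off.
    if secure_shadowing == "off" and secure_terminal == "off":
        return "mitigated"
    return "vulnerable"

def triage(inventory_csv):
    return {r["host"]: classify(r["version"], r["secure_shadowing"], r["secure_terminal"])
            for r in csv.DictReader(io.StringIO(inventory_csv))}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Devices reported as "unknown" need a manual check, since their version string could not be compared with the builds named in the advisory.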