Alcatel leaves LAN switch software back door wide open

A security vulnerability in Alcatel SA’s OmniSwitch 7000 series LAN switches could lead to an attacker gaining full control over the switches, Alcatel warned.

Alcatel OmniSwitch 7700 and 7800 switches running the Alcatel Operating System (AOS) Version 5.1.1 are affected, Alcatel said in a security advisory this week. The Computer Emergency Response Team/Coordination Center (CERT/CC) at Carnegie Mellon University in Pittsburgh issued a separate warning on Thursday.

In the vulnerable systems, a telnet server listens for connections on TCP port 6778 and accepts connections without requiring a password, creating a back door that provides full administrative control over the switch.

The telnet access was used for development of the product and Alcatel forgot to remove it “due to an oversight,” the company said. Alcatel informed CERT of the back door when it was discovered during a code audit, the Paris network equipment maker said.

Users of vulnerable switches should immediately create an access control list blocking all access to port 6778 on the switch, Alcatel said. A patch to close the back door is also available. Furthermore, the vulnerability will be removed from AOS as of Version 5.1.3, Alcatel said. AOS ships with each OmniSwitch.

The scope of the vulnerability is limited because the OmniSwitch 7000 series is meant for use in enterprise networks, not in public networks, Alcatel spokesman Klaus Wustrack said Friday. That means that companies could face attacks from the inside only and that public networks are not at risk.

“These switches are normally used within a private enterprise network. They are not public switching products. Any enterprise should protect their private network through a firewall,” Wustrack said.