Eve OS Container Vulnerability Allows Unauthorized Access to Zededa Devices

CVE: CVE-2023-43631
CVSS (v3.1): 8.8
Source: CVE-2023-43631

Eve OS, an operating system developed by Zededa for edge computing devices, was found to have a vulnerability that could allow unauthorized access.

The vulnerability lies in how Eve OS handles the “/config/authorized_keys” file when the Pillar EVE container boots. If this file contains any supported public key, SSH access on port 22 is enabled for root login using those keys, with no additional authentication.

An attacker could simply add their own public key to this file to gain full root access on the device. Worryingly, this bypasses the “measured boot” security mechanism implemented by Eve OS to detect unauthorized changes. As the “/config” partition is not included in the measurements, the attacker can access the device without triggering any alerts on the system.

With root access, the attacker would be able to fully compromise the device and access any sensitive data stored in the encrypted vault. They could also install backdoors or malware.

Zededa has since patched the issue in later versions by including the “/config” partition in integrity measurements. However, owners of older unpatched systems remain at risk.

It is recommended that Zededa device owners check for and install any available updates as soon as possible. Admins should also consider changing SSH keys or disabling the service if it is not needed. Staying vigilant about patching is crucial for protecting internet-connected devices.
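As an added example (not Zededa's or the EVE project's code), the following Python audits a config tree the way a defender would after this advisory: it parses authorized_keys entries, flags any key whose fingerprint is not on an allowlist, and computes a digest over the partition's files so that a change such as an added key alters a stored baseline, which is what including “/config” in the measurement achieves. The allowlist, the accepted key-type set and the constructed test key are assumptions.

```python
import base64
import hashlib

# Key types accepted here (a subset of what OpenSSH supports; an assumption)
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def parse_authorized_keys(text):
    """Return (keytype, base64 blob, comment) per key line. OpenSSH allows
    option fields before the key type, so scan for the type token."""
    keys = []
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        for i, tok in enumerate(parts[:-1]):
            if tok in KEY_TYPES:
                keys.append((tok, parts[i + 1], " ".join(parts[i + 2:])))
                break
    return keys

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unexpected_keys(text, allowed_fingerprints):
    """Keys in authorized_keys not on the allowlist; any key at all enables
    root SSH, so an empty allowlist flags every entry."""
    return [(fingerprint(blob), ktype, comment)
            for ktype, blob, comment in parse_authorized_keys(text)
            if fingerprint(blob) not in allowed_fingerprints]

def measure_files(files):
    """Deterministic SHA-256 over {relative path: contents}: a stand-in for
    covering the partition in the boot measurement."""
    h = hashlib.sha256()
    for rel in sorted(files):
        h.update(rel.encode() + b"\0" + files[rel] + b"\0")
    return h.hexdigest()

def constructed_ed25519_blob(fill):
    """Constructed test key only: ssh-ed25519 wire blob with a dummy 32-byte key."""
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([fill]) * 32
    return base64.b64encode(body).decode()
```

To audit a real tree, read each file under the config directory (for example with os.walk) into the mapping passed to measure_files and compare the result with a baseline recorded when the device was known good.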
