CVE-2024-42018

7.7 HIGH

📋 TL;DR

This vulnerability in Atos Eviden SMC xScale allows unprivileged users to access sensitive configuration parameters containing credentials after a reboot of diskful nodes. The issue occurs because iptables firewall rules protecting management nodes don't survive reboots, exposing credentials needed for HPC cluster initialization. Only diskful nodes running SMC xScale before version 1.6.6 are affected.

💻 Affected Systems

Products:
  • Atos Eviden SMC xScale
Versions: All versions before 1.6.6
Operating Systems: Linux-based HPC distributions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects diskful nodes; diskless nodes are not vulnerable. Requires reboot of diskful nodes to trigger the vulnerability.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain access to embedded credentials in configuration parameters, potentially compromising the entire HPC cluster management infrastructure and enabling lateral movement.

🟠 Likely Case

Unauthorized users access sensitive configuration data containing credentials, leading to potential privilege escalation or unauthorized access to management functions.

🟢 If Mitigated

With proper access controls and network segmentation, impact is limited to credential exposure without direct system compromise.

🌐 Internet-Facing: LOW - Management nodes typically shouldn't be internet-facing in HPC environments.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this after node reboots to access sensitive credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the system and a reboot event. The flaw lies in configuration persistence and requires no complex exploitation technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.6.6

Vendor Advisory: https://support.bull.com/ols/product/security/psirt/security-bulletins/misconfiguration-of-smc-xscale-leads-to-sensitive-data-exposure-psirt-1369-tlp-clear-version-2-6-cve-2024-42018/view

Restart Required: Yes

Instructions:

  1. Upgrade SMC xScale to version 1.6.6 or later.
  2. Apply the updated cloudinit configuration.
  3. Reboot diskful nodes to apply persistent iptables rules.

🔧 Temporary Workarounds

Manual iptables persistence

linux

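Manually configure iptables rules to persist across reboots on diskful nodes. The paths and service name depend on the distribution: /etc/iptables/rules.v4 and rules.v6 are read by iptables-persistent on Debian/Ubuntu, where the boot-time unit is netfilter-persistent, while iptables-services on RHEL-family systems reads /etc/sysconfig/iptables and /etc/sysconfig/ip6tables and provides the iptables and ip6tables units. Adjust the commands below to match the node's distribution.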

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
systemctl enable iptables
systemctl start iptables

Network segmentation

all

Isolate management nodes from regular user networks using physical or virtual network segmentation

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to management nodes only to authorized administrators.
  • Monitor and audit access to management node configuration endpoints and alert on unauthorized access attempts.

🔍 How to Verify

Check if Vulnerable:

Check SMC xScale version: if below 1.6.6 and using diskful nodes, check if iptables rules protecting management node access survive reboot.

Check Version:

Check SMC xScale version through management interface or consult system documentation for version identification.

Verify Fix Applied:

After patching to 1.6.6, reboot diskful nodes and verify iptables rules protecting management node access are still active using 'iptables -L -n'.
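
One way to make the reboot check above repeatable, as an added example that is not part of the original page or of any vendor tooling: compare an `iptables-save` dump taken before the reboot with one taken afterwards and list the rules that disappeared. The function names, file paths and sample rules are assumptions made for illustration.

```shell
# Added example: report firewall rules that were lost across a reboot.
# Before reboot:  iptables-save > /root/fw-baseline.rules
# After reboot:   iptables-save > /tmp/fw-now.rules
#                 missing_rules /root/fw-baseline.rules /tmp/fw-now.rules

# Reduce iptables-save output (stdin) to sorted "<table> <rule>" lines,
# dropping comments, chain policy lines and [pkts:bytes] counters.
normalize_rules() {
    awk '/^#/ || /^:/ || /^COMMIT/ || /^[ \t]*$/ { next }
         /^\*/ { table = substr($0, 2); next }
         { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, ""); print table " " $0 }' |
        LC_ALL=C sort -u
}

# Print baseline rules absent from the current dump; exit status 1 if any.
# Checks presence only, not rule order.
missing_rules() {
    base=$(mktemp) && cur=$(mktemp) || return 2
    normalize_rules < "$1" > "$base"
    normalize_rules < "$2" > "$cur"
    lost=$(LC_ALL=C comm -23 "$base" "$cur")
    rm -f "$base" "$cur"
    [ -z "$lost" ] && return 0
    printf '%s\n' "$lost"
    return 1
}

# Constructed sample dumps: the subnet, port and rules are placeholders,
# not the rules SMC xScale installs.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/before" <<'EOF'
# Generated by iptables-save
*filter
:INPUT ACCEPT [120:9000]
[5:300] -A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 8080 -j ACCEPT
[9:540] -A INPUT -p tcp -m tcp --dport 8080 -j DROP
COMMIT
EOF
    cat > "$d/after" <<'EOF'
*filter
:INPUT ACCEPT [3:180]
COMMIT
EOF
    rc=0
    missing_rules "$d/before" "$d/after" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "rules listed above are missing after reboot" >&2
```

`ip6tables-save` output has the same layout, so the same functions can be used for the IPv6 ruleset.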

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to management node configuration endpoints
  • Changes to iptables firewall rules on diskful nodes
  • Failed authentication attempts on management interfaces

Network Indicators:

  • Unexpected network traffic to management node ports from non-admin systems
  • Configuration data transfers to unauthorized systems

SIEM Query:

source="management-node" AND (event="configuration_access" OR event="firewall_change") AND user NOT IN admin_users
