CVE-2025-27019
Remote · Remote shell service Multiple Products
Executive summary
A critical vulnerability has been identified in the Remote Shell Service (RSH) on specific Infinera products, allowing an attacker to gain complete system access without a password. Successful exploitation of this flaw could lead to a full compromise of the affected network device, enabling data theft, service disruption, and further attacks on the internal network. Due to the critical severity and ease of exploitation, immediate remediation is strongly recommended.
Vulnerability
The vulnerability exists within the Remote Shell (RSH) service on affected Infinera MTC-9 devices. The service contains pre-configured, password-less user accounts that an attacker can access over the network. By connecting to the RSH port (typically TCP 514), an attacker can leverage these accounts to execute arbitrary commands and establish a reverse shell, which provides them with interactive command-line access to the underlying operating system of the device.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the high potential for significant damage. A successful exploit grants an attacker direct administrative access to the network device, compromising its confidentiality, integrity, and availability. This could lead to severe business consequences, including the interception of network traffic, unauthorized modification of network configurations, complete service outages, and the use of the compromised device as a pivot point to launch further attacks against the internal corporate network.
Remediation
Immediate Action: The primary remediation is to apply the security patches provided by the vendor. Organizations must update the firmware on all affected Infinera MTC-9 devices to version R23.0 or a later release. Following the update, security teams should actively monitor for any signs of exploitation attempts and review historical access logs for unauthorized connections to the RSH service.
Proactive Monitoring: Implement enhanced monitoring on network devices. Specifically, look for inbound connection attempts to TCP port 514 (RSH) from untrusted IP addresses. Monitor for any unexpected outbound connections from the Infinera devices, as this could indicate a successful reverse shell. System logs should be reviewed for anomalous user logins or command execution that deviates from normal administrative activity.
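The two network checks described under Proactive Monitoring, as an added example (not from the advisory or the vendor): it scans connection records for TCP 514 traffic reaching a device from outside the trusted management range, and for connections a device initiates to unexpected peers. The device addresses, management range, collector address and flow-record layout are assumptions, and the sample records are constructed.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed values for illustration; replace with your own inventory.
DEVICES = {ip_address("10.20.0.11"), ip_address("10.20.0.12")}   # MTC-9 management IPs
TRUSTED_MGMT = [ip_network("10.99.0.0/28")]                      # jump hosts / NMS
# An rsh session can open a second (stderr) connection back to the client,
# so the trusted management range is also an expected outbound destination.
EXPECTED_OUTBOUND = TRUSTED_MGMT + [ip_network("10.99.1.5/32")]  # plus syslog/NTP collector
RSH_PORT = 514

# Constructed sample: one record per connection, initiator listed as src.
SAMPLE_FLOWS = """ts,proto,src,sport,dst,dport
2025-01-01T10:00:00Z,tcp,10.99.0.4,1021,10.20.0.11,514
2025-01-01T10:05:00Z,tcp,192.0.2.50,1000,10.20.0.11,514
2025-01-01T10:05:03Z,tcp,10.20.0.11,40112,192.0.2.50,8443
2025-01-01T10:06:00Z,udp,10.20.0.12,514,10.99.1.5,514
2025-01-01T10:07:00Z,tcp,10.20.0.12,51000,10.99.1.5,6514
2025-01-01T10:08:00Z,tcp,172.16.5.9,1012,10.20.0.12,514
"""

def in_any(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)

def find_alerts(flow_csv):
    """Return (rule, ts, src, dst, dport) tuples for flows that match either rule."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = ip_address(row["src"]), ip_address(row["dst"])
        dport = int(row["dport"])
        # Rule 1: inbound TCP/514 to a device from outside the trusted management range.
        # UDP/514 is syslog, so the protocol must be checked as well as the port.
        if (dst in DEVICES and row["proto"] == "tcp" and dport == RSH_PORT
                and not in_any(src, TRUSTED_MGMT)):
            alerts.append(("rsh-untrusted-source", row["ts"], str(src), str(dst), dport))
        # Rule 2: a device initiates a connection to a peer that is not expected.
        elif src in DEVICES and not in_any(dst, EXPECTED_OUTBOUND):
            alerts.append(("unexpected-outbound", row["ts"], str(src), str(dst), dport))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(*alert)
```

Run against historical flow data as well as live data, since the advisory also calls for reviewing past access to the RSH service.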
Compensating Controls: If patching cannot be immediately deployed, implement the following compensating controls:
- Disable the RSH service on the device if it is not essential for business operations.
- Use a firewall or Access Control Lists (ACLs) to restrict access to the RSH port (TCP 514) to a limited set of trusted management IP addresses.
- Implement network segmentation to isolate the management interfaces of network devices from general user networks.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS score of 9.8 and the potential for a complete network device takeover, this vulnerability poses a severe risk to the organization. We strongly recommend that all affected Infinera MTC-9 devices be patched immediately by upgrading to the recommended firmware version. Although this CVE is not currently listed in the CISA KEV catalog, its high severity warrants urgent attention. If patching is delayed, the compensating controls listed above must be implemented without delay to reduce the attack surface.