Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-23759 affects Perle IOLAN STS and SCS terminal server models with firmware versions prior to 6.0. It is an authenticated OS command injection vulnerability occurring in the restricted shell accessed via Telnet or SSH.'}, {'type': 'paragraph', 'content': "The vulnerability arises because the 'ps' command in the shell does not properly sanitize user-supplied arguments and passes them directly into an 'sh -c' invocation running as root."}, {'type': 'paragraph', 'content': "An authenticated attacker who can log into the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system."}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an authenticated attacker to execute arbitrary OS commands with root privileges on the affected device.

As a result, the attacker can fully compromise the underlying operating system, impacting confidentiality, integrity, and availability of the device.

Such a compromise could lead to unauthorized access to sensitive data, disruption of services, and potential use of the device as a foothold for further attacks within the network.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by verifying if your Perle IOLAN STS or SCS terminal server is running a firmware version prior to 6.0, as these versions are affected.'}, {'type': 'paragraph', 'content': "Since the vulnerability involves an authenticated OS command injection via the restricted shell's 'ps' command over Telnet or SSH, detection can involve attempting to log in to the device and testing the 'ps' command for improper argument sanitization."}, {'type': 'paragraph', 'content': "A practical detection approach is to connect to the device via SSH or Telnet and run the 'ps' command with shell metacharacters appended to see if arbitrary commands execute with root privileges."}, {'type': 'list_item', 'content': 'Use SSH or Telnet to log into the device.'}, {'type': 'list_item', 'content': 'Run a command like: ps; id or ps && id to check if shell metacharacters are executed.'}, {'type': 'list_item', 'content': 'If the output includes results of the injected command (e.g., user id information), the device is vulnerable.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the firmware of the affected Perle IOLAN STS or SCS terminal servers to version 6.0 or later, where this vulnerability is fixed.

Until the upgrade can be applied, restrict access to the Telnet and SSH interfaces to trusted users only, as the vulnerability requires authenticated access.

Additionally, monitor and audit login attempts and command usage on the device to detect any suspicious activity.

Useful 0 Not Useful 0