Today, NAPALM patched several impactful vulnerabilities that were found and reported by Computest. NAPALM is a framework used to manage the configurations of routers. The vulnerabilities allow an attacker who has compromised a single router to compromise the NAPALM controller as well, thereby gaining access to all routers managed by that controller.
If you use NAPALM in your infrastructure, we recommend upgrading to the latest versions (napalm-base 0.24.3 and napalm-iosxr 0.5.3) as soon as possible.
Computest thanks NAPALM for their quick and professional response in the disclosure process. More information can be found in our advisories.