There currently are no workarounds to this vulnerability.
The only effective solution is to patch the system which removes the vulnerability entirely.
Two separate patches have been released to correct this vulnerability. It should be applied as soon as possible to all instances of TPAM that are effected. These patches eliminate the vulnerable component in the Linux subsystem of TPAM without modifying the behavior of the application.
Versions 2.3 & 2.4
Hotfix_6764 has been released to correct this vulnerability. It should be applied as soon as possible to all instances of TPAM appliances with the following versions 2.3.761 to 2.4.804.
If you choose to upgrade from a 2.3 or 2.4 version to any other 2.3 or 2.4 version you must ensure that you reapply hotfix_6764 to ensure the vulnerability is removed.
If upgrading from 2.4 to 2.5 please see below.
Hotfix_6788 has been released to correct this vulnerability. It should be applied as soon as possible to all instances of TPAM appliances with the following versions 2.5.904 to 2.5.912.
If you choose to upgrade from an older version to a version that is 2.5.912 or below, the 6788 hotfix must be reapplied to ensure the vulnerability is removed. However, if upgrading to version 2.5.913 or greater, the patch will be included and there is no need to reapply.
As an example:
An upgrade from 2.5.904 – 2.5.913 – no patch required as 2.5.913 contains the vulnerability patch.
An upgrade from 2.5.904 – 2.5.912 – patch would be required to be installed again after the 2.5.912 upgrade is complete.
To download hotfix 6788 and 6764 please login to the TPAM Appliance Portal
The previously released hotfix_6763 has been superseded by hotfix_6788. The 6788 hotfix also includes an update to correct possible performance issues which may result if specific CLI commands are executed. For additional information on the performance issues please see Knowledge Article 133765
Questions or comments
If you have any questions or comments, please log a request using our Manage Service Request tool or see the Contact Support page for other contact methods available.