SALTO ProAccess Space software using the tenancy feature / logical
partition is vulnerable to a privilege escalation attack that could
allow an authorized attacker to access any space managed by the affected
product.
Users of SALTO ProAccess using the tenancy feature should upgrade to version 6.13.
To further enhance security after
applying the update:
- Operate ProAccess Space on a protected internal
network and avoid exposing it directly to the Internet.
- Restrict
operator-level accounts to the minimum required and apply
least-privilege principles.
- If feasible, disable the partitioning
feature and operate under a single partition.
- When strong tenant
separation is required, consider running separate Space instances
(isolated environments) rather than relying solely on logical
partitioning.