It is possible to execute an arbitrary command with root privileges on phion netfence 4.0.x, phion netfence versions prior to 4.2.15 and NG Firewall versions prior to 5.0.2 boxes with activated external authentication scheme (i.e. Active Directory). An attacker with the knowledge of an admin's username is able to perform arbitrary shell commands during the ssh login procedure on the box. The knowledge of the admin's password is not required.
fee59e2c3c8776e6ab9ed6abb4364a9562154ddc30dfed06de24b65179dd71f4