Verax NMS Authentication Bypass

2013.03.07
Credit: Andrew Brooks.
Risk: High
Local: No
Remote: Yes
CVE: CVE-2013-1350
CWE: CWE-863


Ogólna skala CVSS: 6.4/10
Znaczenie: 4.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Verax NMS Authenication Bypass (CVE-2013-1350) I. BACKGROUND ---------------------- Verax NMS provides a service-oriented, unified management & monitoring of networks, applications and infrastructure enabling quick problem detection, root-cause analysis, reporting and automating recovery, reducing costs and shortening downtimes of IT service delivery. Source: http://www.veraxsystems.com/en/products/nms II. DESCRIPTION ---------------------- Verax NMS suffers from multiple authentication and authorization flaws which allow a remote attacker to add and delete users, change the passwords of other users, and access other critical application data. These issues stem from unauthenticated methods, such as userGroupService.getAllGroups(), which fail to validate that the user either 1) has ownership or access rights to the requested objects/resources and 2) fails to confirm whether or not the caller has properly authenticated to the application and still maintains a valid session. The below Python code can be used to test vulnerable installations. If successful, the response will contain an array of user objects which includes all user details, such as username, password, e-mail address, etc. ---------------------- #!/usr/bin/python #just based on http://www.pyamf.org/tutorials/general/client.html#basic-example from pyamf import AMF0, AMF3 from pyamf.remoting.client import RemotingService client = RemotingService('http://installationurl/enetworkmanagementsystem-fds/messagebroker/amf', amf_version=AMF3) service = client.getService('userService') print service.getAllUsers() ---------------------- III. AFFECTED PRODUCTS ---------------------- All versions of Verax NMS prior to 2.1.0 are vulnerable. IV. RECCOMENDATION ---------------------- Users should upgrade to version 2.1.0 of Verax NMS. V. CREDIT ---------------------- This vulnerability was discovered by Andrew Brooks. VI. REFERENCES ---------------------- CVE-2013-1350 http://download.veraxsystems.com/download/nms-2.1.0-release-notes.txt VII. TIMELINE ---------------------- 1/10/2013 - Vendor notified 1/11/2013 - Vendor acknowledges bug report 2/20/2013 - Vulnerability remediated and pushed to mainline

Referencje:

http://download.veraxsystems.com/download/nms-2.1.0-release-notes.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top