Collaboration Compliance And Quality Management Platform 9.1.1.5482 Improper Access Control

Posted Oct 3, 2018
Authored by Tobias Huppertz | Site syss.de

Collaboration Compliance and Quality Management Platform versions 9.1.1.5482 and below suffer from an improper access control vulnerability.

tags | exploit
advisories | CVE-2018-17872
SHA-256 | 750eb164ea45b8c746c98b5354c209f19dd64366c1af8fd09c78c20f8081542f

Advisory ID: SYSS-2018-024
Product: Collaboration Compliance and Quality Management Platform
Manufacturer: Verint Verba
Affected Version(s): <= 9.1.1.5482
Tested Version(s): 9.1.1.5482
Vulnerability Type: Improper Access Control (CWE-284)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2018-08-29
Solution Date: 2018-08-31
Public Disclosure: 2018-10-02
CVE Reference: CVE-2018-17872
Author of Advisory: Tobias Huppertz, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

Collaboration Compliance and Quality Management Platform is a product
for recording and playing back calls from VoIP telephony systems
including Skype, as well as messages and video. Permission management
is based on different roles and groups: members can only play back
their own calls, whereas investigators can also play back the calls of
other users.

The manufacturer describes the product as follows (see [1]):

"Verint Essential Workforce Optimization offers advanced automation to
get the most from your workforce. Our software and services can
enhance the efficiency of your employees and processes, and enable you
to share workforce intelligence in real-time across your
business. Mid-market contact centers, back-office operations, branch
operations and financial trading rooms can rely on Verint Essential
Workforce Optimization to capture and store interactions, heighten
quality, ensure compliance and help manage the availability and
performance of employees in targeted areas of their businesses."

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

On the page "Group Configuration - Assign Users", a list of the users
belonging to the group is shown. Each user can additionally be assigned
to the roles Member, Supervisor, Investigator, Administrator and
Manager, but the Investigator checkbox is disabled in the user
interface. By modifying the HTML source with the browser's developer
tools (Internet Explorer 11: key F12), it is possible to enable this
checkbox, set it to true and save the new configuration. The server
accepts the submitted value without enforcing the restriction, and the
user immediately gets a new tab named "Workflow" in which four-eyes
requests can be viewed.
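The root cause above is an access control decision that lives only in the browser (a disabled checkbox), so the server saves whatever the client submits. The following added example, which is not Verba's code, contrasts that pattern with a server-side check that validates every role change against what the acting user may actually grant; the role names come from the advisory, while the GRANTABLE_BY policy table, the User class and the function names are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Roles named in the advisory's "Assign Users" page.
ROLES = {"Member", "Supervisor", "Investigator", "Administrator", "Manager"}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


# Hypothetical policy (an assumption, not Verba's): which roles an actor holding
# a given role may grant or revoke. Investigator is grantable only by
# Administrators, mirroring the checkbox that the UI keeps disabled.
GRANTABLE_BY = {
    "Manager": {"Member", "Supervisor"},
    "Administrator": ROLES,
}


class Forbidden(Exception):
    pass


def assign_roles_vulnerable(actor: User, target: User, requested: set) -> set:
    """Client-side enforcement only: whatever the browser posts is persisted.
    A re-enabled checkbox is indistinguishable from a legitimate one here."""
    target.roles = set(requested) & ROLES
    return target.roles


def assign_roles_hardened(actor: User, target: User, requested: set) -> set:
    """Server-side enforcement: every added or removed role must be one the
    actor is permitted to change, independent of what the form allowed."""
    requested = set(requested)
    unknown = requested - ROLES
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    allowed = set()
    for role in actor.roles:
        allowed |= GRANTABLE_BY.get(role, set())
    # Check the diff, not just the additions: silently revoking a role the
    # actor may not touch is as much a bypass as granting one.
    changed = (requested - target.roles) | (target.roles - requested)
    blocked = changed - allowed
    if blocked:
        raise Forbidden(f"{actor.name} may not change roles {sorted(blocked)}")
    target.roles = requested
    return target.roles
```

A rejected request should also be logged with the actor, target and blocked roles, since a submission containing a role the UI never offered is a strong indicator of exactly the tampering the advisory describes.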

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

Go to "Group Configuration - Assign Users", re-enable the disabled
Investigator checkbox with the browser's developer tools, check it and
press save.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

Install the new version, which was published by the vendor [2].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2018-08-16: Vulnerability discovered
2018-08-30: Vulnerability reported to manufacturer
2018-08-30: Vulnerability confirmed by manufacturer
2018-08-31: Update released by manufacturer
2018-10-01: CVE number assigned
2018-10-02: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Collaboration Compliance and Quality Management Platform
https://www.verba.com/solutions/compliance-recording-collaboration/#Skype-for-Business
[2] Verba 9.2 Release Notes (build 9.2.2.5549) - RI-016912
https://releases.verba.com/?v=9.2
[3] SySS Security Advisory SYSS-2018-024
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Tobias Huppertz of SySS GmbH.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory
may be updated in order to provide as accurate information as
possible. The latest version of this security advisory is available on
the SySS Web site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en
