exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Tripwire IP360 VnE Remote Administrative API Authentication Bypass

Tripwire IP360 VnE Remote Administrative API Authentication Bypass
Posted Oct 5, 2015
Authored by Specto

The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled.

tags | advisory, remote, web, bypass
advisories | CVE-2015-6237
SHA-256 | f39b0d4187cc158f2f89d6baa904081ee7d836d144b591161f265d845ad45d81

Tripwire IP360 VnE Remote Administrative API Authentication Bypass

Change Mirror Download
Document Title
================
Tripwire IP360 VnE Remote Administrative API Authentication
Bypass/Privilege Acquisition Vulnerability


Affected Products
===================
Vendor: Tripwire
Software/Appliance: IP360 VnE Vulnerability Manager
Affected (verified) versions: v7.2.2 -> v7.2.5


CVE
=====
CVE-2015-6237


CVSS
=======
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C
Base Score: 10.0
Temporal Score: 9.5


Rating
=========
Critical


Vulnerability Summary
======================

The IP350 VnE is susceptible to a remote XML-RPC authentication
bypass vulnerability, which allows for specially crafted privileged
commands to be remotely executed without authentication. The RPC
service is available on the public HTTPS interface of the VnE by
default, and cannot be disabled.


Impact
========

Successful exploitation will allow a remote unauthenticated
attacker to execute commands and queries against the API normally
only available to privileged users. Attack vectors include the
ability to enumerate all local/remote users, reset any password of
a user on the system, and manipulate IP filter restrictions for any
user. Users configured to use external authentication sources (e.g.
LDAP) can have a local password created and made usable by an
attacker while the authorized user continues to use external
authentication. The combined vectors could allow for remote
administrative privilege acquisition.


Remediation
=============
Update to v7.2.6


Credits
==========
This vulnerability was discovered and reported by Specto
(specto [at] custodela [dot] com).


Relevant Timeline
====================

18/08/2015: Initial vendor contact
19/08/2015: Vulnerability provided to vendor
19/08/2015: Vulnerability accepted by vendor
25/08/2015: Vulnerability confirmed by vendor
30/09/2015: Update with vulnerability fix released by vendor
01/10/2015: Advisory posted
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close