Secunia Security Advisory - Michal Sajdak has reported two vulnerabilities in ASMAX AR 804gu, which can be exploited by malicious people to conduct cross-site request forgery attacks or compromise a vulnerable system.
b7426916dcbd858a829f13b6696144a4c90c5ab55b3e843a9d2ef5e342e1cda4
----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
http://secunia.com/advisories/business_solutions/
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com
----------------------------------------------------------------------
TITLE:
ASMAX AR 804gu Command Execution and Cross-Site Request Forgery
SECUNIA ADVISORY ID:
SA35310
VERIFY ADVISORY:
http://secunia.com/advisories/35310/
DESCRIPTION:
Michal Sajdak has reported two vulnerabilities in ASMAX AR 804gu,
which can be exploited by malicious people to conduct cross-site
request forgery attacks or compromise a vulnerable system.
1) Access to the "system" script is not properly restricted to
authenticated administrators. This can be exploited to access the
script and e.g. execute arbitrary commands passed via a query string
starting with "system".
Successful exploitation requires network access to the web-based
administration interface.
2) The web-based administration interface allows users to perform
certain actions via HTTP requests without performing any validation
checks to verify the requests. This can be exploited to perform
certain actions e.g. when an administrative user visits a specially
crafted web page.
NOTE: This vulnerability can be exploited in combination with
vulnerability #1.
The vulnerabilities are reported in firmware version 66.34.1.
SOLUTION:
Filter all network traffic to the web-based administration interface.
PROVIDED AND/OR DISCOVERED BY:
Michal Sajdak, Securitum
CHANGELOG:
2009-06-05: Updated "Description" and "Solution" section.
ORIGINAL ADVISORY:
http://www.securitum.pl/dh/asmax-ar-804-gu-compromise
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------