From within the Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. When these actions are initiated, the AMF response from the application leaks the plaintext connection details to the client and may do so over an unencrypted connection. This behavior would allow an unprivileged user to recover sensitive connection details for arbitrary services and applications. All versions of Verax NMS prior to 2.1.0 are vulnerable.
66cf40d31f06bbe4131715e1741bd12a91006cb43cdcba0edc044553a2002b0f