Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.803181 |
Kategorie: | Web application abuses |
Titel: | Verax Network Management System Multiple Vulnerabilities |
Zusammenfassung: | The host is running Verax Network Management System and is prone to; multiple vulnerabilities. |
Beschreibung: | Summary: The host is running Verax Network Management System and is prone to multiple vulnerabilities. Vulnerability Insight: - An improper restricting access to certain actions via Action Message Format (AMF), which can be exploited to retrieve user information by requesting certain objects via AMF - The decryptPassword() uses a static, hard coded private key to facilitate process. These passwords should be considered insecure due to the fact that recovering the private key is decidedly trivial. - The private and public keys are hard coded into clientMain.swf the encrypted password could be captured and replayed against the service by an attacker. - The Verax NMS Console, users can navigate to monitored devices and perform predefined actions (NMSAction), such as repairing tables on a MySQL database or restarting services. Vulnerability Impact: Successful exploitation will allow remote attackers to bypass certain security restrictions, perform unauthorized actions and obtain sensitive information. This may aid in launching further attacks. Affected Software/OS: Verax NMS version prior to 2.1.0 Solution: Upgrade to Verax NMS 2.1.0 or later. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N |
Querverweis: |
BugTraq ID: 58334 Common Vulnerability Exposure (CVE) ID: CVE-2013-1350 http://www.securityfocus.com/bid/58334 https://exchange.xforce.ibmcloud.com/vulnerabilities/82705 Common Vulnerability Exposure (CVE) ID: CVE-2013-1351 https://andrewbrooksblog.wordpress.com/2013/03/03/verax-nms-13-cve-2013-1351/ https://exchange.xforce.ibmcloud.com/vulnerabilities/82704 Common Vulnerability Exposure (CVE) ID: CVE-2013-1352 https://exchange.xforce.ibmcloud.com/vulnerabilities/82706 https://packetstormsecurity.com/files/cve/CVE-2013-1352/page1/ Common Vulnerability Exposure (CVE) ID: CVE-2013-1631 https://andrewbrooksblog.wordpress.com/2013/03/06/verax-nms-23-cve-2013-1352-cve-2013-1631/ |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |