Aerohive HiveOS Multiple Security Vulnerabilities
BID:69452
Info
| Bugtraq ID: | 69452 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2014 12:00AM |
| Updated: | Aug 28 2014 12:00AM |
| Credit: | Denis Andzakovic, Scott Bell, Nick Freeman, Thomas Hibbert, Carl Purvis, and Pedro Worcel. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Aerohive HiveOS is prone to multiple security vulnerabilities, including:
1. A local file-include vulnerability
2. An information-disclosure vulnerability
3. An authorization-bypass vulnerability
Successful exploits will allow attackers to obtain sensitive information, bypass certain security restrictions, perform unauthorized actions, and execute arbitrary local files within the context of the web server process. This may aid in further attacks.
Exploit / POC
Attackers can use standard, readily available tools to exploit these issues.
Solution / Fix
Solution:
Reportedly, the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.