VocalTec VGW4/8 Telephony Gateway Remote Authentication Bypass Vulnerability
BID:9876
Info
| Bugtraq ID: | 9876 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2004 12:00AM |
| Updated: | Mar 15 2004 12:00AM |
| Credit: | This issue has been reported by "Rafel Ivgi, The-Insider". |
| Vulnerable: | VocalTec VGW4/8 Telephony Gateway |
| Not Vulnerable: | |
Discussion
It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error in the application that allows a user to access configuration pages without prior authentication.
Successful exploitation of this issue may allow a remote attacker to gain control of the affected appliance via its web configuration tool.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/home.asp/
http://www.example.com/home.asp/../menu.asp
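A defender-side check for the two request shapes in the proof of concept, added here as an example that is not part of the original advisory: it scans web access logs for an `.asp` script name followed by further path segments. The log lines, client addresses and the assumption that requests to the gateway are logged in Common Log Format (for example by a reverse proxy in front of it) are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed access-log lines (Common Log Format); addresses and times are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [15/Mar/2004:10:00:01 +0000] "GET /home.asp HTTP/1.0" 200 512
192.0.2.44 - - [15/Mar/2004:10:02:17 +0000] "GET /home.asp/ HTTP/1.0" 200 4096
192.0.2.44 - - [15/Mar/2004:10:02:19 +0000] "GET /home.asp/../menu.asp HTTP/1.0" 200 2048
192.0.2.10 - - [15/Mar/2004:10:03:40 +0000] "GET /menu.asp?lang=en HTTP/1.0" 200 2048
192.0.2.51 - - [15/Mar/2004:10:05:02 +0000] "GET /menu.asp/ HTTP/1.0" 404 0
malformed line without a request field
"""

# client, method, request target and status from one Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# A script name used as if it were a directory: ".asp" followed by "/".
SCRIPT_AS_DIR_RE = re.compile(r"\.asp/", re.IGNORECASE)


def classify(target):
    """Return why a request target matches the advisory's URL shapes, or None."""
    path = unquote(urlsplit(target).path)  # ignore the query string, decode %xx
    match = SCRIPT_AS_DIR_RE.search(path)
    if match is None:
        return None
    if ".." in path[match.end():].split("/"):
        return "dot-dot segment after script name"
    return "extra path after script name"


def scan(log_text):
    """Return (client, target, status, reason) for every matching request."""
    hits = []
    for line in log_text.splitlines():
        parsed = REQUEST_RE.match(line)
        if parsed is None:
            continue  # not a parseable request line
        client, _method, target, status = parsed.groups()
        reason = classify(target)
        if reason is not None:
            hits.append((client, target, int(status), reason))
    return hits


if __name__ == "__main__":
    for client, target, status, reason in scan(SAMPLE_LOG):
        # A 2xx status means the page was served, so that request needs review first.
        print(f"{client} {status} {target}: {reason}")
```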
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- VGW4/8 Telephony Gateway Main Page (VocalTec)
- VocalTec Gateway 8 Reverse Directory Transversal + Authorization Bypass ("Rafel Ivgi, The-Insider")