cyclades alterpath manager 1.1 – Multiple Vulnerabilities

cyclades alterpath manager 1.1 – Multiple Vulnerabilities

漏洞ID 1054925 漏洞类型
发布时间 2005-02-24 更新时间 2005-02-24
图片[1]-cyclades alterpath manager 1.1 – Multiple Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-cyclades alterpath manager 1.1 – Multiple Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 JSP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25159
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12649/info

Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources.

Multiple remote vulnerabilities affect Cyclades AlterPath Manager. These issues are due to various design errors that affect the overall security of the vulnerable device.

The first issue is an information disclosure issue. The second would allow unauthorized access to restricted console resources. Finally the third issue will facilitate privilege escalation.

An attacker may leverage these issues to gain unauthorized access to network-based resources, to gain escalated privileges and to gain access to potentially sensitive information.

It should be noted that although only version 1.1.0 of the software is reported affected by these issues, it is likely earlier versions are affected as well. 

To access a restricted console resource:
http://www.example.com/usermode/consoleConnect.jsp?consolename=console_name

To gain escalated privileges:
http://www.example.com/application/saveUser.do?userId=9&password=&userName=my_id&fullName=My+name&department=Security&location=Work&phone=555-1212&mobile=&pager=&email=test%40example.com&status=Enable&localPassword=true&adminUser=true&forward=&action=Save

相关推荐: irssi服务拒绝漏洞

irssi服务拒绝漏洞 漏洞ID 1202090 漏洞类型 未知 发布时间 2004-01-05 更新时间 2004-01-05 CVE编号 CVE-2003-1020 CNNVD-ID CNNVD-200401-020 漏洞平台 N/A CVSS评分 5.0…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享