CERT VU:520430
Aug 02, 2012 - 12:00 a.m.

BreakingPoint Systems Storm CTM information disclosure vulnerabilities

2012-08-02 00:00:00
www.kb.cert.org

CVSS2: 5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.004 Low (Percentile: 73.7%)

Overview

BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

Description

According to BreakingPoint’s website, _the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide organizations with the insight to battle-test IT infrastructures, train cyber warriors, tune systems and policies, and transform security processes to be proactive and effective…_ BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

* CVE-2012-2963: The BreakingPoint Systems Control Center GUI and administrative clients communicate in plaintext. All information exchanged between client and server, including the username and password, is sent in plaintext XML transfers over tcp/8880. For additional information see Dell SecureWorks security advisory [SWRX-2012-005](<http://www.secureworks.com/research/advisories/SWRX-2012-005/>).
* CVE-2012-2964: The BreakingPoint Systems Storm CTM administrative interface does not properly check for authorization. User-controllable requests supplied to the `/gwt/BugReport` script of the embedded web server are not properly checked for authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system’s configuration. This report, delivered as a .tgz archive, contains sensitive information, including system logs, test results, and detailed system configuration information as well as account names and email addresses of authorized users. For additional information see Dell SecureWorks security advisory [SWRX-2012-006](<http://www.secureworks.com/research/advisories/SWRX-2012-006>).

Impact

An attacker may be able to gather sensitive configuration information including account credentials, session authentication tokens, test configurations, and test results of the BreakingPoint Systems Storm CTM device. It is also possible that an unauthenticated remote attacker may be able to retrieve a diagnostic report of the BreakingPoint Systems Storm CTM configuration which contains detailed system configuration information as well as account names and email addresses of authorized users.


Solution

Update
The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.


Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing a BreakingPoint Systems Storm CTM appliance using stolen credentials from a blocked network location.
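One way to check that the access restriction is holding is to audit upstream firewall or proxy logs for the two exposures described above. This is an added example, not part of the original advisory or any vendor tooling; the key=value log format, the trusted networks, and all addresses in the sample are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: management stations live in these networks (constructed values).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.50/32")]
MGMT_PORT = 8880                # plaintext XML control channel (CVE-2012-2963)
REPORT_PATH = "/gwt/bugreport"  # /gwt/BugReport, lower-cased (CVE-2012-2964)
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # constructed key=value log format

def is_trusted(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    return any(ip in net for net in TRUSTED_NETS)

def findings(lines):
    """Return (line_no, src, reason) for access from outside TRUSTED_NETS."""
    out = []
    for no, line in enumerate(lines, 1):
        rec = dict(FIELD_RE.findall(line))
        try:
            src, dport = rec["src"], int(rec["dport"])
            trusted = is_trusted(src)
        except (KeyError, ValueError):
            # Never skip silently: a record we cannot judge needs a human look.
            out.append((no, rec.get("src", "?"), "unparseable record"))
            continue
        if trusted:
            continue
        # Compare the decoded, lower-cased path without its query string.
        path = unquote(urlsplit(rec.get("uri", "-")).path).rstrip("/").lower()
        if path == REPORT_PATH:
            out.append((no, src, "untrusted source requested /gwt/BugReport"))
        elif dport == MGMT_PORT:
            out.append((no, src, "untrusted source on tcp/8880"))
    return out

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE = [
    "2012-08-02T09:00:01Z src=10.20.0.7 dst=192.0.2.10 dport=8880 uri=-",
    "2012-08-02T09:02:13Z src=198.51.100.23 dst=192.0.2.10 dport=8880 uri=-",
    "2012-08-02T09:05:40Z src=198.51.100.23 dst=192.0.2.10 dport=80 uri=/gwt/BugReport?x=1",
    "2012-08-02T09:06:02Z src=10.20.0.7 dst=192.0.2.10 dport=80 uri=/gwt/BugReport",
    "2012-08-02T09:07:00Z src=not-an-ip dport=8880",
]

if __name__ == "__main__":
    for hit in findings(SAMPLE):
        print(hit)
```

Any hit means the network restriction is not effective for that source and, for tcp/8880, that credentials used in that session should be treated as exposed.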


Vendor Information


BreakingPoint Systems Inc (Affected)

Notified: April 26, 2011 Updated: August 02, 2012

Status

Affected

Vendor Statement

The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | 5 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Temporal | 3.6 | E:U/RL:W/RC:UC |
| Environmental | 1.1 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND |

Acknowledgements

Thanks to Jeff Jarmoc of Dell SecureWorks for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-2963, CVE-2012-2964
Date Public: 2012-08-01 Date First Published:
