Trend Micro Deep Discovery 3.7.1096 Authentication Bypass

2015-08-18T00:00:00
ID PACKETSTORM:133245
Type packetstorm
Reporter hyp3rlinx
Modified 2015-08-18T00:00:00

Description

                                        
[+] Credits: John Page aka hyp3rlinx  
  
[+] Website: hyp3rlinx.altervista.org  
  
[+] Source:  
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-DDI-0818.txt  
  
  
  
Vendor:  
================================  
www.trendmicro.com  
  
  
  
Product:  
===================================  
Trend Micro Deep Discovery 3.7.1096  
  
  
  
Vulnerability Type:  
===================  
Authentication Bypass  
  
  
CVE Reference:  
==============  
CVE-2015-2873  
  
  
  
  
Vulnerability Details:  
===========================================================  
http://esupport.trendmicro.com/solution/en-US/1112206.aspx  
  
http://www.kb.cert.org/vuls/id/248692  
  
Trend Micro Deep Discovery Threat Appliance version 3.7.1096  
Certain Deep Discovery Inspector URLs including the system log and  
whitelist/blacklist are accessible to a non-administrator user  
because the pages do not properly check for authorization. An  
unauthenticated user without administrator privileges may thus  
gain access to and modify certain system configuration settings.  
  
Several URLs, including the system log, whitelist, and blacklist,  
are accessible to a non-administrator user by direct request.  
The pages do not properly check for authorization.  
  
  
  
Impact:  
=======  
An authenticated user without administrator privileges may access  
and modify certain system configuration settings.  
  
  
  
Exploit code(s):  
===============  
N/A  
  
  
  
  
Disclosure Timeline:  
=========================================================  
Vendor Notification: March 26, 2015  
Public Disclosure: August 18, 2015  
  
  
  
  
  
Severity Level:  
=========================================================  
High  
  
  
  
Description:  
==========================================================  
  
  
Request Method(s): [+] GET  
  
  
Vulnerable Product: [+] Trend Micro Deep Discovery 3.7.1096  
  
  
Vulnerable Parameter(s): [+] syslog, whitelist, blacklist  
  
  
Affected Area(s): [+] Trend Micro Deep Discovery  
  
  
===========================================================  
  
[+] Disclaimer  
Permission is hereby granted for the redistribution of this advisory,  
provided that it is not altered except by reformatting it, and that due  
credit is given. Permission is explicitly given for insertion in  
vulnerability databases and similar, provided that due credit is given to  
the author. The author is not responsible for any misuse of the information  
contained herein and prohibits any malicious use of all security related  
information or exploits by the author or elsewhere.  
  
by hyp3rlinx  
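
Added example, not part of the advisory and not Trend Micro's code: a minimal Python sketch of the flaw class described under "Vulnerability Details" (pages reachable by direct GET that never check the caller's role) next to a dispatcher that enforces the role before any page code runs. The paths, role names and function names are hypothetical, and the model follows the "Impact" statement (a logged-in user without administrator privileges).

```python
# Added example: paths, roles and names are hypothetical, not taken from the product.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # "admin" or "viewer" (hypothetical role names)


# Each route declares the role it requires; None means any logged-in user.
ROUTES = {
    "/dashboard": (None, lambda s: "dashboard"),
    "/admin/syslog": ("admin", lambda s: "system log"),
    "/admin/whitelist": ("admin", lambda s: "whitelist"),
    "/admin/blacklist": ("admin", lambda s: "blacklist"),
}


def dispatch_flawed(path: str, session: Optional[Session]):
    """Flaw class from the advisory: the login is checked, the role is not."""
    if session is None:
        return 401, "login required"
    entry = ROUTES.get(path)
    if entry is None:
        return 404, "not found"
    return 200, entry[1](session)


def dispatch_checked(path: str, session: Optional[Session]):
    """Authorization enforced centrally, before the page handler runs."""
    if session is None:
        return 401, "login required"
    entry = ROUTES.get(path)
    if entry is None:
        return 404, "not found"
    required_role, handler = entry
    if required_role is not None and session.role != required_role:
        return 403, "forbidden"
    return 200, handler(session)


def unprotected_paths(dispatch, low_priv: Session):
    """Regression check: admin-only paths a low-privilege session reaches by direct GET."""
    return sorted(p for p, (role, _) in ROUTES.items()
                  if role == "admin" and dispatch(p, low_priv)[0] == 200)
```

Running unprotected_paths() against every admin-only route in a test suite catches a page that was added without a role requirement, which hiding the link in the UI does not.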