This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. Because this service offers access to the Apache Axis AdminService, an unprivileged local attacker can publish arbitrary classes with the deployment method. An attacker can leverage this access to install arbitrary .jsp files on the server, which will by default run under the context of SYSTEM.
{"id": "ZDI-15-551", "vendorId": null, "type": "zdi", "bulletinFamily": "info", "title": "IBM System Networking Switch Center Local Privilege Escalation Vulnerability", "description": "This vulnerability allows local unprivileged attackers to execute arbitrary code on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. Because this service offers access to the Apache Axis AdminService, an unprivileged local attacker can publish arbitrary classes with the deployment method. An attacker can leverage this access to install arbitrary .jsp files on the server, which will by default run under the context of SYSTEM.", "published": "2015-11-10T00:00:00", "modified": "2015-11-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-551/", "reporter": "rgod", "references": ["https://support.lenovo.com/us/en/product_security/len_2015_074"], "cvelist": ["CVE-2015-7818"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 3, "enchantments": {"dependencies": {}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-7818"]}, {"type": "lenovo", "idList": ["LENOVO:PS500025-NOSID"]}]}, "exploitation": null, "vulnersScore": 2.4}, "_state": {"dependencies": 1645230751, "score": 1659764195}}
{"cve": [{"lastseen": "2022-03-23T14:00:38", "description": "The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.", "cvss3": {}, "published": "2015-11-12T03:59:00", "type": "cve", "title": "CVE-2015-7818", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7818"], "modified": "2015-11-12T19:04:00", "cpe": ["cpe:/a:lenovo:switch_center:8.1.1.0", "cpe:/a:ibm:system_networking_switch_center:7.3.1.4"], "id": "CVE-2015-7818", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7818", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:system_networking_switch_center:7.3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:lenovo:switch_center:8.1.1.0:*:*:*:*:*:*:*"]}], "lenovo": [{"lastseen": "2018-02-21T17:01:58", "description": "**Lenovo Security Advisory:**LEN-2015-074, LEN-2746 \n**Potential Impact:** Escalation of Privileges \n****Severity****: High\n\n**Summary:** Multiple vulnerabilities have been identified in the following products:\n\n\\- IBM System Networking Switch Center \n\\- Lenovo Switch Center \n\n**Description:**\n\nLenovo Switch Center, previously known as IBM System Networking Switch Center before it was acquired by Lenovo as part of its purchase of the IBM x86 server business, is a utility that provides remote monitoring and management of Ethernet and converged switches from Lenovo and IBM. It is designed to simplify and centralize the management of Lenovo and IBM BladeCenter, Flex System and RackSwitch Ethernet and converged switches.\n\nMultiple local privilege escalation vulnerabilities have been identified in these two products: Unprivileged local users may be able to run a command or code with escalated privileges on the system, unauthenticated users may be able to remotely obtain the encrypted administrator password, or the session user ID may be temporarily set to a valid ID used to log in.\n\n**Affected Products and Versions:**\n\nThis vulnerability affects all versions of IBM System Networking Switch Center prior to and including 7.1.3.4 and Lenovo Switch Center 8.1.1.0\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nProducts that are still under a support contract can be upgraded to either IBM System Networking Switch Center 7.3.1.5 or Lenovo Switch Center 8.1.2.0 available from [IBM Passport Advantage](<http://www-01.ibm.com/software/howtobuy/passportadvantage/>)\n\n**Acknowledgements: **\n\nThanks to rgod working with HP\u2019s Zero Day Initiative.\n\n**Other information and references:**\n\nCVE ID: CVE-2015-7817; CVE-2015-7818; CVE-2015-7819;CVE-2015-7820\n\nZDI Reference: ZDI-CAN-3008; ZDI-CAN-3009; ZDI-CAN-3010; ZDI-CAN-3011; ZDI-CAN-3012\n\n**Revision History:**\n\n****Revision****\n\n| \n\n****Date****\n\n| \n\n****Description**** \n \n---|---|--- \n** 1.0** | ** 11/05/2015** | ** Initial release**\n", "cvss3": {}, "published": "2017-01-23T00:00:00", "type": "lenovo", "title": "Privilege escalation vulnerabilities in IBM System Networking Switch Center and Lenovo Switch Center", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7820", "CVE-2015-7817", "CVE-2015-7819", "CVE-2015-7818"], "modified": "2017-01-23T00:00:00", "id": "LENOVO:PS500025-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len_2015_074", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
IBM System Networking Switch Center Local Privilege Escalation Vulnerability
