Vulners
Lucene search
Interspire Email Marketer Authentication Bypass Vulnerability
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | Interspire Email Marketer - Remote Admin Authentication Bypass Exploit | 22 Apr 201800:00 | – | zdt |
 | The vulnerability in the user registration verification function of the init.php script of the Interspire Email Marketer software allows a hacker to bypass the authentication process or obtain administrator privileges. | 4 Dec 201700:00 | – | bdu_fstec |
 | Interspire Email Marketer Security Bypass Vulnerability | 18 Oct 201700:00 | – | cnvd |
 | CVE-2017-14322 | 18 Oct 201718:00 | – | cve |
 | CVE-2017-14322 | 18 Oct 201718:00 | – | cvelist |
 | Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass | 24 Apr 201800:00 | – | exploitdb |
 | Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass | 24 Apr 201800:00 | – | exploitpack |
 | CVE-2017-14322 | 18 Oct 201718:29 | – | nvd |
 | Interspire IEM Remote Authentication Admin Bypass Vulnerability | 19 Oct 201700:00 | – | openvas |
 | CVE-2017-14322 | 18 Oct 201718:29 | – | osv |
10
Title:
======
Interspire Email Marketer - Remote Admin Authentication Bypass
Author:
=======
Hakan KA1/4sne, Infoteam Security (CH)
CVE-ID:
=======
CVE-2017-14322
Risk Information:
=================
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O
Timeline:
=========
2017-09-12 Vulnerability discovered
2017-09-12 Discovered vendor already fixed it but never communicated to clients, leaving hundreds vulnerable in the wild
2017-10-17 Public disclosure
Affected Products:
==================
Interspire Email Marketer prior to version 6.1.6
Vendor Homepage:
================
http://www.interspire.com/emailmarketer/
Details:
========
The function in charge of checking whether the user is already logged in
init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows
remote attackers to bypass authentication and obtain administrative
access by using the IEM_CookieLogin cookie with a specially crafted
value.
On top of that, if the customer doesn't have an annuel maintenance plan,
the application says that it's on the last available version and there is no update.
The vulnerabilities were found during an incident response on a compromise
instance of the application.
Proof of Concept:
=================
Details provided here :
https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html
Fix:
====
Vendor has patched the vulnerability in version 6.1.6, but never communicated to it's customers about it specifically.
# 0day.today [2018-01-26] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Oct 2017 00:00Current
9.4High risk
Vulners AI Score9.4
EPSS0.26136