Multiple Vendor Web Console Privilege Escalation Vulnerability
ZDI-07-080: January 27th, 2010Affected Vendors
Affected Products
Vulnerability Details
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of TippingPoint IPS and Juniper ScreenOS. Authentication is required to exploit this vulnerability.
The specific flaw exists in the web-based administrative console of the affected devices. Unprivileged users with read only permissions are not presented with restricted functionality such as the ability to modify users, device configuration or reboot the device. However, no check is made on the back end to prevent unprivileged users from accessing these resources. By manually generating requests to administrative components, privilege restrictions are easily bypassed.
Vendor Response
3Com TippingPoint states:This issue has been addressed in TippingPoint IPS version 2.5.1.6826 released on April 2nd 2007. Customers can obtain the update through the SMS device or by visiting http://tmc.tippingpoint.com
Juniper states:
This issue has been addressed in ScreenOS versions 6.0 and 5.4R4, released in April of 2007.
Disclosure Timeline
-
2007-03-16 - Vulnerability reported to vendor
2010-01-27 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
