Riverbed SteelCentral NetProfiler Multiple Vulnerabilities Fixed by 10.9.0
Description
Several vulnerabilities were reported in Riverbed SteelCentral NetProfiler:
- SQL injection in the POST "username" parameter of the login form (/api/common/1.0/login) in the REST API. A remote attacker could exploit it by sending specially crafted requests to add arbitrary users, allowing authentication bypass
- SQL injection in the "report_id" parameter of the "/popup.php?page=export_report" web page
- SQL injection in the "id" parameter of the "/popup.php?page=algorithm_settings" web page
- SQL injection via multiple POST parameters in the "/index.php?page=port_config" web page
- multiple arbitrary command injections in the web interface, allowing remote code execution
- privilege escalation due to insecure configuration of the sudoers file
- local file inclusion due to improper user input validation in the "dass" parameter of the "sensor/ta_loader.php" web page
- multiple cross-site scripting vulnerabilities
- account hijacking in "/index.php?page=security_compliance" via the password reset feature
- hardcoded default credentials (mazu, dhcp, root) with static passwords.

Proofs of concept are available.

Updated, 10/07/2016:
Exploit code has been added to the Metasploit framework for the following vulnerabilities:
- SQL injection in the login form
- arbitrary command injection
- privilege escalation.
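For appliances that cannot be upgraded immediately, the query-string parameters named above can be triaged in web access logs. The following is an added example, not code from Riverbed or from the advisory: it assumes a combined-style access log and assumes that legitimate values of "report_id", "id" and "dass" are short identifier-like tokens. The log lines are constructed samples, and the POST-body injections (login "username", port_config) are not visible in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# (path suffix, required "page" value or None, parameter), all taken from the advisory.
WATCHED = [
    ("/popup.php", "export_report", "report_id"),
    ("/popup.php", "algorithm_settings", "id"),
    ("sensor/ta_loader.php", None, "dass"),
]
# Assumption: a legitimate value is a short token with no quotes, spaces or slashes.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Assumption: combined-style log with a quoted request line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines):
    """Return (path, parameter, decoded value) for watched parameters with unexpected values."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        for path, page, param in WATCHED:
            if not url.path.endswith(path):
                continue
            if page is not None and query.get("page", [""])[0] != page:
                continue
            for value in query.get(param, []):
                if not SAFE_VALUE.fullmatch(value) or ".." in value:
                    hits.append((path, param, value))
    return hits

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2016:10:00:00 +0000] "GET /popup.php?page=export_report&report_id=1042 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jul/2016:10:00:05 +0000] "GET /popup.php?page=export_report&report_id=1042%27 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jul/2016:10:00:09 +0000] "GET /sensor/ta_loader.php?dass=..%2F..%2Fexample HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Jul/2016:10:00:12 +0000] "GET /popup.php?page=algorithm_settings&id=7 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for path, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"review: {path} {param}={value!r}")
```

A hit is a lead for review rather than proof of compromise; tune SAFE_VALUE to the values the appliance actually emits.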
Vulnerable Products
Vulnerable Software: Netprofiler (Riverbed) -
Solution
Riverbed has released version 10.9.0 of SteelCentral NetProfiler which fixes these vulnerabilities.