|
Description
|
|
Luigi Auriemma has discovered two vulnerabilities in NetDecision, which can be exploited by malicious people to disclose potentially sensitive information.
1) An input validation error in the NOCVision server when processing web requests can be exploited to disclose arbitrary files via directory traversal attacks sent to TCP port 8090.
2) An input validation error in the Traffic Grapher server when processing web requests can be exploited to disclose arbitrary files via directory traversal attacks sent to TCP port 8087.
The vulnerabilities are confirmed in version 4.6.1. Other versions may also be affected.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
NetDecision 4.x
|
|
|
|
|
|
Solution
|
|
Restrict access to trusted hosts only.
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://aluigi.altervista.org/adv/netdecision_1-adv.txt
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
