Dell OpenManage "ViewFile" Directory Traversal Vulnerability


Description   (:A directory traversal was reported in Dell OpenManage.:A remote attacker, authenticated as an administrator on the application, could exploit it by sending specially crafted requests in order to access arbitrary file on the system with the privileges of the OpenManage process.::This vulnerability stems from an improper input validation for the "file" parameter of the "ViewFile" web page.::A proof of concept is available.)
     
Vulnerable Products   Vulnerable Software:
OpenManage (Dell) - 8.2
     
Solution   No solution for the moment.
     
CVE  
     
References   - Exploit-DB : Dell OpenManage Server Administrator 8.2 - Authenticated Directory Traversal
https://www.exploit-db.com/exploits/39486/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Directory traversal
3.2.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2016-02-23 

 Target Type 
Server 

 Possible exploit 
Remote