ID de Prueba:	1.3.6.1.4.1.25623.1.0.103814
Categoría:	Web application abuses
Título:	ShoreTel ShoreWare Director Remote Security Bypass Vulnerability
Resumen:	ShoreWare Director is prone to a remote security bypass vulnerability.
Descripción:	Summary: ShoreWare Director is prone to a remote security bypass vulnerability. Vulnerability Insight: By default, the /ShorewareDirector directory is available via anonymous FTP, unrestricted, and with read-write access. It is vulnerable to: - A Denial of Service (DoS) filling up the disk with arbitrary files. If the directory resides on the C: drive, it could make the entire server unavailable. Otherwise, it could prevent administrators from changing menu prompts or other system functions utilizing the same disk. - Unauthenticated changes and deletion of menu prompts actively being used by the system. Deleting an actively used file will cause the system to use the default greeting. An attacker could overwrite an active prompt (can take hours to refresh from the FTP server though) that would result in a good laugh and high fives, but also could be used to convince users to take further action or disclose sensitive information as a step in a more complex attack. Vulnerability Impact: Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions or cause a denial-of-service condition. Affected Software/OS: ShoreWare Director 18.61.7500.0 is vulnerable. Other versions may also be affected. Solution: Ask the Vendor for an update. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.