ID de Prueba:	1.3.6.1.4.1.25623.1.0.105067
Categoría:	Web application abuses
Título:	VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
Resumen:	VMTurbo Operations Manager is prone to a remote command; execution (RCE) vulnerability.
Descripción:	Summary: VMTurbo Operations Manager is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: Input passed via the 'fileDate' GET parameter to /cgi-bin/vmtadmin.cgi (when 'callType' is set to 'DOWN' and 'actionType' is set to 'GETBRAND', 'GETINTEGRATE', 'FULLBACKUP', 'CFGBACKUP', 'EXPORTBACKUP', 'EXPERTDIAGS', or 'EXPORTDIAGS') is not properly sanitised before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands with privileges of the 'wwwrun' user. Vulnerability Impact: An attacker may leverage this issue to execute arbitrary OS commands in the context of the affected application. Affected Software/OS: VMTurbo Operations Manager 4.6 and prior are vulnerable. Solution: Update to VMTurbo Operations Manager >= 4.6-28657. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5073 BugTraq ID: 69225 http://www.securityfocus.com/bid/69225 http://www.exploit-db.com/exploits/34335 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution/ http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://secunia.com/secunia_research/2014-8/ http://www.osvdb.org/109572 http://secunia.com/advisories/58880 XForce ISS Database: vmturbo-cve20145073-cmd-exec(95319) https://exchange.xforce.ibmcloud.com/vulnerabilities/95319
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.