Impact
Successful exploitation will allow remote attackers to perform SQL injections, arbitrary file upload/download and code execution.
Solution
Hotfixes are available for CVE-2014-4873 and CVE-2014-4874. For CVE-2014-4872 there is currently no hotfix available. As a workaround block all traffic from untrusted networks to TCP/UDP ports 9010 to 9020.
Insight
BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result (CVE-2014-4872).
An authenticated user can engage in blind SQL Injection by entering comparison operators in the POST string for the /TrackItWeb/Grid/GetData page (CVE-2014-4873).
A remote authenticated user can download arbitrary files on the /TrackItWeb/Attachment page (CVE-2014-4874).
Affected
BMC Track-It! version 11.3.0.355 and below.
Detection
Check the version of BMC Track-It!.
References
Severity
Classification
-
CVE CVE-2014-4872, CVE-2014-4873, CVE-2014-4874 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Struts2 Redirection and Security Bypass Vulnerabilities
- Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
- 68designs 68kb Multiple Remote File Include Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Apache Axis2 Document Type Declaration Processing Security Vulnerability