Impact
Successful exploitation will allow remote attackers to perform SQL injections, arbitrary file upload/download and code execution.
Solution
Hotfixes are available for CVE-2014-4873 and CVE-2014-4874. For CVE-2014-4872 there is currently no hotfix available. As a workaround block all traffic from untrusted networks to TCP/UDP ports 9010 to 9020.
Insight
BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result (CVE-2014-4872).
An authenticated user can engage in blind SQL Injection by entering comparison operators in the POST string for the /TrackItWeb/Grid/GetData page (CVE-2014-4873).
A remote authenticated user can download arbitrary files on the /TrackItWeb/Attachment page (CVE-2014-4874).
Affected
BMC Track-It! version 11.3.0.355 and below.
Detection
Check the version of BMC Track-It!.
References
Severity
Classification
-
CVE CVE-2014-4872, CVE-2014-4873, CVE-2014-4874 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- 3Com OfficeConnect VPN Firewall Default Password Security Bypass Vulnerability
- AdPeeps 'index.php' Multiple Vulnerabilities.
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- ASUS RT56U Router Multiple Vulnerabilities