Summary
VMTurbo Operations Manager is prone to a remote command-execution vulnerability.
Impact
An attacker may leverage this issue to execute arbitrary OS commands in the context of the affected application.
Solution
Update to VMTurbo Operations Manager >= 4.6-28657.
Insight
Input passed via the "fileDate" GET parameter to /cgi-bin/vmtadmin.cgi (when "callType" is set to "DOWN" and "actionType" is set to "GETBRAND", "GETINTEGRATE", "FULLBACKUP", "CFGBACKUP", "EXPORTBACKUP", "EXPERTDIAGS", or "EXPORTDIAGS") is not properly sanitised before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands with privileges of the "wwwrun" user.
Affected
VMTurbo Operations Manager 4.6 and prior are vulnerable.
Detection
Send two special crafted HTTP GET requests and check the response.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-5073 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities