
[Full-disclosure] [CVE-2013-6030] Emerson Network Power Avocent MergePoint Unity 2016 KVM switches contain a directory traversal vulnerability



Hi:

Emerson Network Power Avocent MergePoint Unity 2016 KVM switches contain a directory traversal vulnerability.

Title:
======
[CVE-2013-6030] Emerson Network Power Avocent MergePoint Unity 2016 KVM switches contain a directory traversal vulnerability

Vendor:
======
* http://www.emersonnetworkpower.com/en-US/Products/InfrastructureManagement/DigitalKVMAppliances/Pages/AvocentMergePointUnityAppliances.aspx
* http://www.avocent.com/Support_Firmware/MergePoint_Unity/MergePoint_Unity_Switch.aspx
* http://www.avocent.com/Support_Firmware/MergePoint_Unity/MergePoint_Unity_Switch_-_Previous_Releases.aspx

Severity:
======
Important

Versions Affected:
======
Emerson Network Power Avocent MergePoint Unity 2016 (MPU2016) KVM switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability. An attacker can use directory traversal to download critical files such as /etc/passwd to obtain the credentials for the device.

Author:
======
Shady.liu@xxxxxxxxxxxxxxxxxxxx

Description:
======
A remote unauthenticated attacker can download the configuration files of the device and use the obtained administrator credentials to access the interface. The attacker may then modify the settings of the device with unrestricted access.

Abstract:
======
http://www.securityfocus.com/bid/65105
http://osvdb.org/show/osvdb/102408
http://www.kb.cert.org/vuls/id/168751

Exploit:
======
[inline PNG image]
[inline PNG image]

DBAppSecurity Co.Ltd.
-----------------------------------------------------------

Email: Shady.liu@xxxxxxxxxxxxxxxxxxxx
----------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/