Application Details
SoftGuard is a network management extension which collects inventory, analysis, and debugging data of devices and networks.
Vulnerability
SoftGuard Web could allow a remote authenticated attacker to obtain sensitive information, caused by insufficient validation of user-supplied input by the export function and built-in man functionality in the SNMP Network Management Extension component.
Identification
By sending a specially crafted request the attacker is able to define the complete path and the filename allowing them to read any arbitrary local file.
POST /cgi-bin/man.tclPAYLOAD - act=1&x=/etc/passwd&submit=ExecuteDetection
By turning this into a traffic file and matching rule, we are able to detect attempts to download arbitrary files onto the system, to launch attacks.
Coverage
Idappcom has created signature 8022802 along with a traffic file.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional
Kommentare