GroundWork Monitor Enterprise Multiple Vulnerabilities

by Carol~ Moderator - 3/12/13 4:58 AM

In Reply to: VULNERABILITIES / FIXES - March 12, 2013 by Carol~ Moderator

Release Date : 2013-03-12

Criticality level : Less critical
Impact : Security Bypass, Cross Site Scripting
Where : From remote
Solution Status : Partial Fix

Software: GroundWork Monitor Enterprise 6.x

Description:
Johannes Greil has reported multiple vulnerabilities in GroundWork Monitor Enterprise, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks and bypass certain security restrictions.

1) The application does not properly verify user authorization in Foundation, Performance View, Cacti, NeDi, Configuration, and Nagios components. This can be exploited to bypass the intended security checks and e.g. manipulate certain application settings or disclose certain sensitive information.

2) Certain unspecified input related to NeDi and NoMa components is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain actions when a logged-in user visits a specially crafted web page.

The vulnerabilities are reported in version 6.7.0-br287-gw1571. Other versions may also be affected.

Solution:
No official solution is currently available. Apply the vendor workaround, which mitigates vulnerability #1.

Provided and/or discovered by:
Johannes Greil, SEC Consult

Original Advisory:
SEC Consult (SA-20130308-0, SA-20130308-1):
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-0_GroundWork_Monitoring_Multiple_critical_vulnerabilities_wo_poc_v10.txt
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt

http://secunia.com/advisories/51035/