VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability Network Vulnerability

Summary

VMTurbo Operations Manager is prone to a remote command-execution vulnerability.

Impact

An attacker may leverage this issue to execute arbitrary OS commands in the context of the affected application.

Solution

Update to VMTurbo Operations Manager >= 4.6-28657.

Insight

Input passed via the "fileDate" GET parameter to /cgi-bin/vmtadmin.cgi (when "callType" is set to "DOWN" and "actionType" is set to "GETBRAND", "GETINTEGRATE", "FULLBACKUP", "CFGBACKUP", "EXPORTBACKUP", "EXPERTDIAGS", or "EXPORTDIAGS") is not properly sanitised before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands with privileges of the "wwwrun" user.

Affected

VMTurbo Operations Manager 4.6 and prior are vulnerable.

Detection

Send two special crafted HTTP GET requests and check the response.

References

http://secunia.com/secunia_research/2014-8/
http://www.securityfocus.com/bid/69225

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-5073
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats configdir parameter arbitrary cmd exec
Athena Web Registration remote command execution flaw
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Apache Archiva Multiple Remote Command Execution Vulnerabilities
Advantech WebAccess Multiple Vulnerabilities

Take action and discover your vulnerabilities