0 Results Found
            Back To Results
              Advisory

              BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability

              Dell SecureWorks Security Advisory SWRX-2012-005

              Advisory Information

              • Title: BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability
              • Advisory ID: SWRX-2012-005
              • Date published: Wednesday, August 1, 2012
              • CVE: CVE-2012-2963
              • CVSS v2 base score: 5.0
              • Date of last update: Wednesday, August 1, 2012
              • Vendors contacted: BreakingPoint Systems
              • Release mode: Coordinated
              • Discovered by: Jeff Jarmoc, Dell SecureWorks

              Summary

              A vulnerability exists in BreakingPoint Systems Storm CTM due to insufficient controls placed on the administrative interface. The BreakingPoint Systems Storm CTM is used to test networks and data centers for resilience in the face of escalating application load and attack. Diagnostic requests supplied to the embedded web server are not properly checked for authentication and authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system's configuration. This report includes sensitive information, including account names and email addresses of authorized users.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As" or "Save Target As" and then open with Notepad)

              SecureWorks CTU Public Key

              Related Content