Dell SecureWorks Security Advisory SWRX-2012-005
Advisory Information
- Title: BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability
- Advisory ID: SWRX-2012-005
- Date published: Wednesday, August 1, 2012
- CVE: CVE-2012-2963
- CVSS v2 base score: 5.0
- Date of last update: Wednesday, August 1, 2012
- Vendors contacted: BreakingPoint Systems
- Release mode: Coordinated
- Discovered by: Jeff Jarmoc, Dell SecureWorks
Summary
A vulnerability exists in BreakingPoint Systems Storm CTM due to insufficient controls placed on the administrative interface. The BreakingPoint Systems Storm CTM is used to test networks and data centers for resilience in the face of escalating application load and attack. Diagnostic requests supplied to the embedded web server are not properly checked for authentication and authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system's configuration. This report contains sensitive information, including account names and email addresses of authorized users.