                BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability

                By: Jeff Jarmoc

                Dell SecureWorks Security Advisory SWRX-2012-005

                Advisory Information

                • Title: BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability
                • Advisory ID: SWRX-2012-005
                • Date published: Wednesday, August 1, 2012
                • CVE: CVE-2012-2963
                • CVSS v2 base score: 5.0
                • Date of last update: Wednesday, August 1, 2012
                • Vendors contacted: BreakingPoint Systems
                • Release mode: Coordinated
                • Discovered by: Jeff Jarmoc, Dell SecureWorks

                Summary

                A vulnerability exists in BreakingPoint Systems Storm CTM due to insufficient controls placed on the administrative interface. The BreakingPoint Systems Storm CTM is used to test networks and data centers for resilience in the face of escalating application load and attack. Diagnostic requests supplied to the embedded web server are not properly checked for authentication and authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system's configuration. The report contains sensitive information, including account names and email addresses of authorized users.
