Advisory

BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability

Dell SecureWorks Security Advisory SWRX-2012-005

Advisory Information

  • Title: BreakingPoint Systems Storm CTM BugReport Information Disclosure Vulnerability
  • Advisory ID: SWRX-2012-005
  • Date published: Wednesday, August 1, 2012
  • CVE: CVE-2012-2963
  • CVSS v2 base score: 5.0
  • Date of last update: Wednesday, August 1, 2012
  • Vendors contacted: BreakingPoint Systems
  • Release mode: Coordinated
  • Discovered by: Jeff Jarmoc, Dell SecureWorks

Summary

A vulnerability exists in BreakingPoint Systems Storm CTM due to insufficient controls placed on the administrative interface. The BreakingPoint Systems Storm CTM is used to test networks and data centers for resilience in the face of escalating application load and attack. Diagnostic requests supplied to the embedded web server are not properly checked for authentication and authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system's configuration. This report contains sensitive information, including account names and email addresses of authorized users.
