ID

VAR-200605-0058


CVE

CVE-2006-2356


TITLE

Ipswitch WhatsUp Professional RenderMap.asp Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200605-267

DESCRIPTION

NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. WhatsUp is prone to an information disclosure vulnerability.

1) Input passed to NmConsole/Navigation.asp and to the "sHostname" parameter in NmConsole/ToolResults.asp is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site. Example: http://[host]:8022/NmConsole/Navigation.asp?">[code]

2) Input passed to NmConsole/Tools.asp and NmConsole/DeviceSelection.asp is also not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site.

3) It's possible to disclose monitored devices without being logged in by passing arbitrary values to the "nDeviceGroupID" parameter in "NmConsole/utility/RenderMap.asp". Example: http://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2

4) Input passed to the "sRedirectUrl" and "sCancelURL" in NmConsole/DeviceSelection.asp is not properly verified, which makes it possible to redirect a user to an arbitrary web site. It is also possible to disclose the source code of the ASP pages by appending a period to the end of the file extension.

5) Different error messages are returned during login to "NmConsole/Login.asp" depending on whether the supplied username or password is incorrect.

6) It is possible to disclose path information in 404 error messages returned by the service. Example: http://[host]:8022/NmConsole

The vulnerabilities and weaknesses have been confirmed in WhatsUp Professional 2006.

SOLUTION: Restrict access to port 8022/tcp and don't visit other web sites while logged in.

PROVIDED AND/OR DISCOVERED BY:
1, 3, 4) David Maciejak
2, 5, 6) Reported by an anonymous person.

Trust: 1.35

sources: NVD: CVE-2006-2356 // BID: 87651 // VULHUB: VHN-18464 // PACKETSTORM: 46269

AFFECTED PRODUCTS

vendor: ipswitch, model: whatsup professional, scope: eq, version: 2006

Trust: 1.6

vendor: ipswitch, model: whatsup professional, scope: eq, version: 2006-

Trust: 0.3

sources: BID: 87651 // CNNVD: CNNVD-200605-267 // NVD: CVE-2006-2356

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2356
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200605-267
value: MEDIUM

Trust: 0.6

VULHUB: VHN-18464
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-2356
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-18464
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-18464 // CNNVD: CNNVD-200605-267 // NVD: CVE-2006-2356

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-18464 // NVD: CVE-2006-2356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-267

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200605-267

EXTERNAL IDS

db: SREASON, id: 897

Trust: 2.0

db: NVD, id: CVE-2006-2356

Trust: 2.0

db: SECUNIA, id: 20075

Trust: 1.8

db: OSVDB, id: 25475

Trust: 1.7

db: VUPEN, id: ADV-2006-1787

Trust: 1.7

db: XF, id: 26505

Trust: 0.9

db: CNNVD, id: CNNVD-200605-267

Trust: 0.7

db: BUGTRAQ, id: 20060511 IPSWITCH WHATSUP PROFESSIONAL MULTIPLE FLAWS

Trust: 0.6

db: BID, id: 87651

Trust: 0.4

db: VULHUB, id: VHN-18464

Trust: 0.1

db: PACKETSTORM, id: 46269

Trust: 0.1

sources: VULHUB: VHN-18464 // BID: 87651 // PACKETSTORM: 46269 // CNNVD: CNNVD-200605-267 // NVD: CVE-2006-2356

REFERENCES

url:http://www.securityfocus.com/archive/1/433808

Trust: 2.0

url:http://securityreason.com/securityalert/897

Trust: 2.0

url:http://www.osvdb.org/25475

Trust: 1.7

url:http://secunia.com/advisories/20075

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/1787

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26505

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/26505

Trust: 0.9

url:http://www.frsirt.com/english/advisories/2006/1787

Trust: 0.6

url:http://secunia.com/product/9917/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://[host]:8022/nmconsole/utility/rendermap.asp?ndevicegroupid=2

Trust: 0.1

url:http://secunia.com/advisories/20075/

Trust: 0.1

url:http://secunia.com/product/9918/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://[host]:8022/nmconsole/navigation.asp?">[code]

Trust: 0.1

url:http://[host]:8022/nmconsole

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-18464 // BID: 87651 // PACKETSTORM: 46269 // CNNVD: CNNVD-200605-267 // NVD: CVE-2006-2356

CREDITS

Unknown

Trust: 0.3

sources: BID: 87651

SOURCES

db: VULHUB, id: VHN-18464
db: BID, id: 87651
db: PACKETSTORM, id: 46269
db: CNNVD, id: CNNVD-200605-267
db: NVD, id: CVE-2006-2356

LAST UPDATE DATE

2024-08-14T13:49:41.265000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-18464, date: 2017-12-04T00:00:00
db: BID, id: 87651, date: 2006-05-15T00:00:00
db: CNNVD, id: CNNVD-200605-267, date: 2006-05-15T00:00:00
db: NVD, id: CVE-2006-2356, date: 2017-12-04T18:58:33.610

SOURCES RELEASE DATE

db: VULHUB, id: VHN-18464, date: 2006-05-15T00:00:00
db: BID, id: 87651, date: 2006-05-15T00:00:00
db: PACKETSTORM, id: 46269, date: 2006-05-17T05:39:52
db: CNNVD, id: CNNVD-200605-267, date: 2006-05-15T00:00:00
db: NVD, id: CVE-2006-2356, date: 2006-05-15T10:02:00