Info |
Last Modified: 7 months ago
Description |
The Cyclades APM contains a flaw that may allow a malicious user to gain access to unauthorized system consoles. The issue is triggered when the user changes the console name in a connection URL. This flaw may lead to a loss of integrity and/or availability.
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related
Technical |
APM version 1.1.0 allows any APM user to connect to any console by specifying the console's name in the URL. Versions 1.2.0 and 1.2.1 of the APM only allow the user to connect to a console if they have at some time been authorized for, and have accessed, the specified console.
Solution |
As a workaround, it is possible to correct the flaw by disabling the APM web interface. In addition, Cyclades has released a patch for some versions of the APM.
Products |
AlterPath Manager: 1.2.1, 1.1.0, 1.2.0
Credit |
- Sullo, cirt.net