Written by TaMbaRuS
Monday, 06 April 2009 23:02
Nokia Siemens Networks Flexi ISN Multiple Authentication Bypass Vulnerabilities
-\\Bugtraq ID: 34299
-\\Class: Access Validation Error
-\\CVE:
-\\Remote: Yes
-\\Local: No
-\\Published: Mar 30 2009 12:00AM
-\\Updated: Apr 06 2009 09:16PM
-\\Credit: TaMbaRuS
-\\Vulnerable: Nokia Siemens Networks Flexi ISN 3.1
-\\Discussion: The Nokia Siemens Networks Flexi ISN (Intelligent Service Node) device is prone to multiple authentication-bypass vulnerabilities because its web-based management interface fails to restrict access to certain administration scripts.
An attacker can exploit these issues to gain unauthorized access to the affected device, which may lead to other attacks.
These issues affect Flexi ISN 3.1; other devices or versions may also be vulnerable.
UPDATE (April 6, 2009): This issue is disputed; it is reported that the device is not vulnerable as described. This BID will be updated as more information becomes available.
-\\Exploit(s)/PoC(s): Attackers may exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/cgi-bin/aaa.tcl?
http://www.example.com/cgi-bin/aggr_config.tcl?
http://www.example.com/opt/cgi-bin/ggsn/cgi.tcl?page=ggsnconf
http://www.example.com/opt/cgi-bin/services.tcl?instance=default
-\\Solution: Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
-\\Reference(s): Vendor Homepage: http://www.nokiasiemensnetworks.com/global/Index.htm?languagecode=e (Nokia Siemens Networks)
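
Added example (not part of the original advisory and not vendor tooling): a log check that flags successful requests to the administration scripts listed under Exploit(s)/PoC(s) when no authenticated user was recorded. It assumes an access log in NCSA common/combined format and that HTTP authentication populates the user field; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Administration script paths taken from the advisory's example URIs.
ADMIN_SCRIPTS = {
    "/cgi-bin/aaa.tcl",
    "/cgi-bin/aggr_config.tcl",
    "/opt/cgi-bin/ggsn/cgi.tcl",
    "/opt/cgi-bin/services.tcl",
}

# Assumption: NCSA common/combined log format; the device's own
# log format is not documented on the page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def normalize(target):
    """Drop the query string, percent-decode, collapse '//' and dot segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path))

def unauthenticated_admin_hits(lines):
    """Return (ip, path, status) for 2xx admin-script responses with no logged user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = normalize(m["target"])
        status = int(m["status"])
        if path in ADMIN_SCRIPTS and m["user"] == "-" and 200 <= status < 300:
            hits.append((m["ip"], path, status))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2009:21:16:00 +0000] "GET /cgi-bin/aaa.tcl? HTTP/1.1" 200 5120',
    '192.0.2.10 - - [06/Apr/2009:21:16:05 +0000] "GET /opt/cgi-bin/ggsn/cgi.tcl?page=ggsnconf HTTP/1.1" 401 312',
    '198.51.100.7 - admin [06/Apr/2009:21:17:00 +0000] "GET /opt/cgi-bin/services.tcl?instance=default HTTP/1.1" 200 2048',
    '192.0.2.10 - - [06/Apr/2009:21:18:00 +0000] "GET /cgi-bin/%61ggr_config.tcl? HTTP/1.1" 200 4096',
    '192.0.2.10 - - [06/Apr/2009:21:19:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in unauthenticated_admin_hits(SAMPLE_LOG):
        print("unauthenticated admin access:", *hit)
```

A hit means the script answered with a success status without a logged user, which is the access-validation failure the advisory describes; if the interface authenticates by session cookie instead, the user field alone is not conclusive.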