Zenoss < 4.2.5 Multiple Vulnerabilities

High | Nessus Network Monitor Plugin ID 8594

Synopsis

The remote server hosting Zenoss Core is running an outdated and vulnerable version.

Description

Versions of Zenoss prior to 4.2.5 are unpatched and potentially affected by multiple vulnerabilities:

- A cross-site request forgery that could be used to trick a user into changing their password. (ZEN-12653)

- A stored cross-site scripting vulnerability on pages that display device names and details. (ZEN-15381)

- Multiple information disclosure vulnerabilities due to a stack trace returning sensitive information when a product is renamed with special characters. (ZEN-15382)

- An open redirect vulnerability exposed in the login form. (ZEN-11998)

- A remote code execution vulnerability that can occur via Version Check. (ZEN-12657)

- An authorization bypass allowing an attacker to remotely move or execute files on the server. (ZEN-15386)

- A cross-site request forgery that leads to ZenPack installation at server boot time. (ZEN-15388)

- Login sessions to Zenoss do not expire. (ZEN-12691)

- An information disclosure vulnerability permitting unprivileged users to list all users of Zenoss. (ZEN-15389)

- Multiple logon vulnerabilities due to insecure password hashing, low password complexity requirements, and plaintext credential storage on the server. (ZEN-15413, ZEN-15406, ZEN-15416, ZEN-10148)

- An authorization bypass in the Zope web platform, reachable through numerous helper methods that are exposed as web endpoints. (ZEN-15407)

- Unnecessarily exposed services in the default Zenoss configuration. (ZEN-15408)

- Several stored and reflected cross-site scripting vulnerabilities due to the way data is displayed on asset detail pages. (ZEN-15410)

- A denial of service vulnerability: a publicly accessible Zenoss endpoint lets a requester specify an exhaustive regular expression, which could render the application inaccessible. (ZEN-15411)

- The Page Command used to page sysadmins via Zenoss can be edited without password re-entry. (ZEN-15412)

- A "Billion Laughs" denial of service vulnerability that can result in remote code execution. (ZEN-15414, ZEN-15415)

Solution

Upgrade to Zenoss Core 4.2.5 or later.

See Also

http://www.zenoss.com

http://www.kb.cert.org/vuls/id/449452

Plugin Details

Severity: High

ID: 8594

Family: CGI

Published: 12/9/2014

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:zenoss:http_server

Patch Publication Date: 12/8/2014

Vulnerability Publication Date: 12/5/2014

Reference Information

CVE: CVE-2014-6253, CVE-2014-6254, CVE-2014-6255, CVE-2014-6256, CVE-2014-6257, CVE-2014-6258, CVE-2014-6259, CVE-2014-6260, CVE-2014-6261, CVE-2014-6262, CVE-2014-9245, CVE-2014-9246, CVE-2014-9247, CVE-2014-9248, CVE-2014-9249, CVE-2014-9250, CVE-2014-9251, CVE-2014-9252

BID: 71541, 71540, 71539, 71538, 71537, 71536, 71535, 71533, 71532, 71531, 71530, 71529, 71528, 71527, 71526, 71525, 71524, 71523