ServerView Servername Parameter Arbitrary Command Execution

high Nessus Plugin ID 25672

Synopsis

The remote web server contains a CGI script that allows arbitrary command execution.

Description

The remote host is running ServerView, a web-based suite of asset management tools.

The version of ServerView installed on the remote host fails to sanitize user-supplied input to the 'Servername' parameter of the 'SnmpView/SnmpListMibValues' script before using it to execute a shell command. An unauthenticated attacker can leverage this issue to execute arbitrary code on the remote host with the privileges of the web server user ID.

Note that the same result can be achieved via input to the 'ServerName' subparameter of the 'Parameterlist' parameter of the 'DBAsciiAccess' script.
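For reviewing web server access logs on a host that ran an affected version, the following added example (not part of the Nessus plugin or of ServerView) flags requests to the two scripts named above whose 'Servername' value is not a plain host name or address. The URL prefixes, the 'ServerName=value' layout inside 'Parameterlist', and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Host name / IPv4 / IPv6 literal characters only; anything else is unexpected.
HOST_OK = re.compile(r"[A-Za-z0-9._:\-]{1,255}")
# Heuristic for Parameterlist, whose sub-parameter syntax the advisory does not give.
SHELL_META = re.compile(r"[;|&`$()<>\r\n]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_url(url):
    """Return a reason string if the request needs review, else None."""
    parts = urlsplit(url)
    path = parts.path.lower()
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
    if path.endswith("/snmpview/snmplistmibvalues"):
        for name, value in params:
            if name.lower() == "servername" and not HOST_OK.fullmatch(value):
                return "Servername is not a plain host name or address"
    elif path.endswith("/dbasciiaccess"):
        for name, value in params:
            if (name.lower() == "parameterlist" and "servername" in value.lower()
                    and SHELL_META.search(value)):
                return "Parameterlist carries ServerName with shell metacharacters"
    return None

def triage(log_lines):
    """Return (line_number, reason) for each access-log line worth a look."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        reason = check_url(m.group(1)) if m else None
        if reason:
            hits.append((n, reason))
    return hits

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jul/2007:10:00:01 +0000] "GET /SnmpView/SnmpListMibValues?Servername=srv01.example.test HTTP/1.1" 200 512',
    '192.0.2.44 - - [06/Jul/2007:10:00:07 +0000] "GET /SnmpView/SnmpListMibValues?Servername=srv01%3BEXAMPLE HTTP/1.1" 200 87',
    '192.0.2.44 - - [06/Jul/2007:10:00:09 +0000] "GET /DBAsciiAccess?Parameterlist=ServerName%3Dsrv01%7CEXAMPLE HTTP/1.1" 200 87',
    '192.0.2.10 - - [06/Jul/2007:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, reason in triage(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Access logs normally record only the query string, so parameters sent in a POST body will not appear here and need a request-body log or proxy capture instead.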

Solution

Upgrade to ServerView version 4.50.09, which reportedly fixes the issue.

See Also

https://www.securityfocus.com/archive/1/472800/30/0/threaded

Plugin Details

Severity: High

ID: 25672

File Name: serverview_servername_cmd_exec.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 7/6/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:fujitsu:serverview

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 7/5/2007

Reference Information

CVE: CVE-2007-3011

BID: 24762