Presto! PageManager Network Group Service Packet Network Request Parsing Arbitrary File Access

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

Arbitrary files may be read on the remote host.

Description :

The installation of Presto! PageManager on the remote host is bundled
with a file transfer service referred to as 'NetGroup' or 'Network
Group Service' that allows an unauthenticated, remote attacker to
retrieve the contents of arbitrary files on the affected host.

Note that this service is also likely affected by denial of service
(DoS) and heap-overflow vulnerabilities, although Nessus has not
checked for them.

See also :

http://aluigi.altervista.org/adv/pagemanager_1-adv.txt

Solution :

As of this writing, no fix has been released. Until one has been
released, you should either disable the 'Network Group Service' or
limit access to it with a firewall.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 7.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59114 ()

Bugtraq ID: 52503

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now