Detections
Analytics

Presto! PageManager Network Group Service Packet Network Request Parsing Arbitrary File Access

high Nessus Plugin ID 59114

Language:

Synopsis

Arbitrary files may be read on the remote host.

Description

The installation of Presto! PageManager on the remote host is bundled with a file transfer service referred to as 'NetGroup' or 'Network Group Service' that allows an unauthenticated, remote attacker to retrieve the contents of arbitrary files on the affected host.

Note that this service is also likely affected by denial of service (DoS) and heap-overflow vulnerabilities, although Nessus has not checked for them.

Solution

As of this writing, no fix has been released. Until one has been released, you should either disable the 'Network Group Service' or limit access to it with a firewall.

See Also

http://aluigi.altervista.org/adv/pagemanager_1-adv.txt

Plugin Details

Severity: High

ID: 59114

File Name: presto_pagemanager_netgroup_file_disclosure.nasl

Version: 1.9

Type: remote

Agent: windows

Family: Windows

Published: 5/16/2012

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/a:newsoftinc:presto%21_pagemanager

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 3/14/2012

Reference Information

BID: 52503