Ipswitch WhatsUp Gold < 16.5.0 WrFreeFormText.asp sUniqueID Parameter Blind SQLi (credentialed)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An application installed on the remote host is affected by a SQL
injection vulnerability

Description :

According to its self-reported version number, the Ipswitch WhatsUp
Gold application installed on the remote host is prior to 16.5.0. It
is, therefore, affected by a SQL injection vulnerability within file
WrFreeFormText.asp due to improper sanitization of user-supplied input
to the 'sUniqueID' parameter and the 'find device' field. An
authenticated, remote attacker can exploit this issue to inject or
manipulate SQL queries in the back-end database, resulting in the
manipulation or disclosure of arbitrary data.

Note that this issue was tested only on version 16.4.1 but is believed
to affect all previous versions.

See also :

http://www.nessus.org/u?6f292cca
http://www.tenable.com/security/research/tra-2016-15

Solution :

Upgrade to Ipswitch WhatsUp Gold version 16.5.0 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 97140 ()

Bugtraq ID: 94496

CVE ID: CVE-2016-1000000

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now