Presto! PageManager Network Group Service Packet Network Request Parsing Arbitrary File Access

High Nessus Plugin ID 59114


Arbitrary files may be read on the remote host.


The installation of Presto! PageManager on the remote host is bundled with a file transfer service referred to as 'NetGroup' or 'Network Group Service' that allows an unauthenticated, remote attacker to retrieve the contents of arbitrary files on the affected host.

Note that this service is also likely affected by denial of service (DoS) and heap-overflow vulnerabilities, although Nessus has not checked for them.


As of this writing, no fix has been released. Until one has been released, you should either disable the 'Network Group Service' or limit access to it with a firewall.

See Also

Plugin Details

Severity: High

ID: 59114

File Name: presto_pagemanager_netgroup_file_disclosure.nasl

Version: $Revision: 1.7 $

Type: remote

Agent: windows

Family: Windows

Published: 2012/05/16

Modified: 2017/06/12

Dependencies: 11936

Risk Information

Risk Factor: High


Base Score: 7.8

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:newsoftinc:presto%21_pagemanager

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2012/03/14

Reference Information

BID: 52503

OSVDB: 80130

EDB-ID: 18600