Magento Community Edition 2.x < 2.0.6 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 9694

Synopsis

The remote web server is running an outdated instance of Magento Community Edition (CE) that is affected by multiple attack vectors.

Description

Versions of Magento CE 2.x prior to 2.0.6 are affected by multiple vulnerabilities :

- An unspecified flaw exists in the REST and SOAP APIs that may allow a remote attacker to execute arbitrary PHP Code. No further details have been provided.
- A flaw exists that is due to the program leaving the '/app/etc' directory writable. This may allow a remote attacker to execute arbitrary PHP code after perform an unauthorized reinstallation of the program.
- A flaw exists in '/rest/default/V1/guest-carts/<guestCartId>/shipping-information' that is triggered by the insecure deserialization of Java objects during the handling of SOAP or REST calls. This may a remote attacker to make changes to arbitrary files, and subsequently to customer accounts.
- A flaw exists that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the Authorize.net Module does not validate input to multiple parameters before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
- A flaw exists in the Quote API that may allow a remote attacker to gain access to private data of registers customers.
- A flaw exists that is due to overly verbose unhandled exception error messages. This may allow a remote attacker to gain access to file path information.

Solution

Upgrade to Magento CE version 2.0.6 or later.

See Also

https://magento.com/security/patches/magento-206-security-update

Plugin Details

Severity: Critical

ID: 9694

Family: CGI

Published: 2016/10/17

Updated: 2019/03/06

Dependencies: 9691

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:magento:magento

Patch Publication Date: 2012/05/16

Vulnerability Publication Date: 2012/05/16