
Zenoss < 4.2.5 Multiple Vulnerabilities

High

Synopsis

The remote server hosting Zenoss Core is running an outdated and vulnerable version.

Description

Versions of Zenoss prior to 4.2.5 are unpatched and potentially affected by multiple vulnerabilities:

- A cross-site request forgery that could be used to trick a user into changing their password. (ZEN-12653)

- A stored cross-site scripting vulnerability on pages that display device names and details. (ZEN-15381)

- Multiple information disclosure vulnerabilities, because the stack trace returned when renaming a product with special characters contains sensitive information. (ZEN-15382)

- An open redirect vulnerability in the login form. (ZEN-11998)

- A remote code execution vulnerability reachable via Version Check. (ZEN-12657)

- An authorization bypass allowing an attacker to move or execute files on the server remotely. (ZEN-15386)

- A cross-site request forgery that leads to ZenPack installation at server boot time. (ZEN-15388)

- Login sessions to Zenoss do not expire. (ZEN-12691)

- An information disclosure that permits unprivileged users to list all Zenoss users. (ZEN-15389)

- Multiple logon vulnerabilities due to insecure password hashing, low complexity requirements, and plaintext credential storage on the server. (ZEN-15413, ZEN-15406, ZEN-15416, ZEN-10148)

- An authorization bypass in the Zope web platform, reachable as web endpoints through numerous helper methods. (ZEN-15407)

- Unnecessarily exposed services in the default Zenoss configuration. (ZEN-15408)

- Several stored and reflected cross-site scripting vulnerabilities due to the way data is displayed on asset detail pages. (ZEN-15410)

- A denial of service vulnerability: a publicly accessible Zenoss endpoint lets a caller specify an exhaustive regex, which could render the application inaccessible. (ZEN-15411)

- The Page Command for sysadmins can be edited through Zenoss without password re-entry. (ZEN-15412)

- A "Billion Laughs" denial of service vulnerability which can result in remote code execution. (ZEN-15414, ZEN-15415)

Solution

Upgrade to Zenoss Core 4.2.5 or later.
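The check this advisory describes reduces to comparing an installed Zenoss Core version against the fixed release, 4.2.5. The following is an added example of that comparison written from an asset-inventory perspective; it is not Tenable's plugin code or anything from the Zenoss project. The banner strings, the host names and the `assess` helper are constructed for illustration, and the parser assumes a plain dotted numeric version somewhere in the banner (a build suffix such as `-1859` is ignored). It handles the edge cases a practitioner hits in practice: short versions like `4.2` (padded to `4.2.0`), a later major version, and a banner with no version at all, which is reported as unknown rather than silently treated as patched.

```python
"""Version comparison for the Zenoss < 4.2.5 advisory.

Added example, not Tenable's plugin or Zenoss project code.
"""
import re

# From the advisory's solution: upgrade to Zenoss Core 4.2.5 or later.
FIXED_VERSION = (4, 2, 5)


def parse_version(text):
    """Extract the first dotted numeric version from a banner-like string.

    Returns a tuple of ints, or None when the text carries no version.
    A trailing build suffix such as '-1859' is left out of the comparison.
    """
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True if the version sorts strictly below the fixed release.

    Returns None when no version could be parsed, so an unknown banner is
    never mistaken for a patched one.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return None
    # Pad both sides with zeros so '4.2' is compared as 4.2.0 against 4.2.5.
    width = max(len(parsed), len(fixed))
    padded = parsed + (0,) * (width - len(parsed))
    fixed_padded = fixed + (0,) * (width - len(fixed))
    return padded < fixed_padded


def assess(banners):
    """Map host -> banner to a list of (host, banner, status) findings.

    Status is one of 'vulnerable', 'patched' or 'unknown'. Hypothetical helper
    standing in for whatever inventory a team already keeps.
    """
    findings = []
    for host, banner in banners.items():
        result = is_vulnerable(banner)
        if result is None:
            status = "unknown"
        elif result:
            status = "vulnerable"
        else:
            status = "patched"
        findings.append((host, banner, status))
    return findings


# Constructed sample inventory; hosts and banners are not real.
SAMPLE_BANNERS = {
    "zenoss-a.example.test": "Zenoss Core 4.2.4",
    "zenoss-b.example.test": "Zenoss Core 4.2.5-1859",
    "zenoss-c.example.test": "Zenoss Core 5.0.0",
    "zenoss-d.example.test": "Zenoss Core (version unknown)",
}

if __name__ == "__main__":
    for host, banner, status in assess(SAMPLE_BANNERS):
        print(f"{host}: {banner!r} -> {status}")
```

Treating an unparseable banner as "unknown" rather than "patched" is the important design choice: a scanner that cannot read a version should surface that host for manual review, since an unreadable banner is just as likely to hide an old install as a new one.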