BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities
Description
CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result. The exposed service FileStorageService allows for arbitrary file upload and code execution. The exposed service ConfigurationService allows for retrieval of configuration files which contain both application and domain credentials. |
Impact
A remote unauthenticated attacker may be able to upload and download arbitrary files and execute arbitrary code. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. |
Use a Firewall |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| BMC Software | Unknown | 21 Aug 2014 | 01 Oct 2014 |
If you are a vendor and your product is affected, let us know.
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.1 | E:F/RL:W/RC:UC |
| Environmental | 6.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://cwe.mitre.org/data/definitions/89.html
- http://cwe.mitre.org/data/definitions/306.html
- http://cwe.mitre.org/data/definitions/264.html
- http://www.trackit.com/
Credit
Thanks to Pedro Ribeiro (pedrib@gmail.com) from Agile Information Security for reporting this vulnerability.
This document was written by Chris King.
Other Information
- CVE IDs: CVE-2014-4872 CVE-2014-4873 CVE-2014-4874
- Date Public: 07 10월 2014
- Date First Published: 07 10월 2014
- Date Last Updated: 07 10월 2014
- Document Revision: 16