Eaton Network Shutdown Module < 3.20 Authentication Bypass / Command Execution

critical Nessus Plugin ID 34507

Synopsis

The remote web server contains an application that is affected by several issues.

Description

According to its version number, the Network Shutdown Module installation on the remote host is earlier than 3.20. It therefore reportedly fails to require authentication before allowing a remote attacker to add custom actions through the 'pane_actionbutton.php' script and then execute them via the 'exec_action.php' script.

Note that the application runs by default with Administrator privileges under Windows, so successful exploitation of this issue could result in a complete compromise of the affected system.

Solution

Upgrade to Network Shutdown Module version 3.20 or later.

See Also

https://seclists.org/bugtraq/2008/Oct/204

http://www.nessus.org/u?d9e0eb5a

Plugin Details

Severity: Critical

ID: 34507

File Name: network_shutdown_module_3_20.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 10/28/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:eaton:network_shutdown_module

Required KB Items: www/eaton_nsm

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Patch Publication Date: 10/21/2008

Vulnerability Publication Date: 10/27/2008

Reference Information

CVE: CVE-2008-6816

BID: 31933

CWE: 287

Secunia: 32456