Visual Mining NetCharts Server Arbitrary File Upload

Nessus Plugin ID 80083 (Severity: High)

Synopsis

The remote web server contains a JSP script that allows arbitrary file uploads.

Description

The Visual Mining NetCharts Server web interface installed on the remote web server is affected by a file upload vulnerability due to a built-in hidden account. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on the remote host.

Solution

Restrict access to the vulnerable server.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-14-372/

Plugin Details

Severity: High

ID: 80083

File Name: visual_mining_netcharts_server_file_upload.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 12/17/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:visual_mining:netcharts_server

Required KB Items: installed_sw/Visual Mining NetCharts Server

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 11/3/2014

Exploitable With

Metasploit (Visual Mining NetCharts Server Remote Code Execution)

Elliot (Visual Mining NetCharts Server 7.0 File Upload)

Reference Information

CVE: CVE-2014-8516

BID: 70895