7.5 - VU#122142

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Mercator SENTINEL SQL injection allows authentication bypass

Informations
Name	VU#122142	First vendor Publication	2011-09-14
Vendor	VU-CERT	Last vendor Modification	2011-10-14
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#122142

Mercator SENTINEL SQL injection allows authentication bypass

Overview

Mercator SENTINEL contains an SQL injection vulnerability that could allow an attacker to bypass authentication and access the system with administrative privileges.

I. Description

Mercator SENTINEL is a flight safety management system. The login form of the web interface contains an SQL injection vulnerability. Please see CERT-NPS:2011:005 for more information.

II. Impact

An attacker with network access to the SENTINEL web interface could access the system with administrative privileges.

III. Solution

Upgrade

Credible information indicates that this vulnerability is addressed in SENTINEL version 2.0.1.0.

Restrict access

Restrict access to the SENTINEL web interface to trusted users and networks.

Vendor Information

Vendor	Status	Date Notified	Date Updated
Mercator	Affected	2011-06-22	2011-10-14

References

http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-%C2%AB-sentinel-safety-information-management-system-%C2%BB/
http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/
http://www.mercator.com/customers/CustMap/customermap.html
http://cwe.mitre.org/data/definitions/89.html

Credit

Thanks to CERT-NETPEAS for reporting this vulnerability. Thanks also to ICS-CERT and aeCERT for their assistance.

This document was written by Art Manion.

Other Information

Date Public:	2011-06-20
Date First Published:	2011-09-14
Date Last Updated:	2011-10-14
CERT Advisory:
CVE-ID(s):	CVE-2011-1913
NVD-ID(s):	CVE-2011-1913
US-CERT Technical Alerts:
Severity Metric:	1.22
Document Revision:	13

Original Source

Url : http://www.kb.cert.org/vuls/id/122142

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mercator Sentinel cpe:2.3:a:mercator:sentinel:2.0:::::::*	1

Open Source Vulnerability Database (OSVDB)

Id	Description
75596	Mercator Sentinel Login Form Unspecified SQL Injection

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	1
osvdb(s)	1

	Related
7.5	CVE-2011-1913
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)