7.5 - VU#175068

Executive Summary

Summary
Title	PivotX password reset vulnerability

Informations
Name	VU#175068	First vendor Publication	2011-02-18
Vendor	VU-CERT	Last vendor Modification	2011-02-18
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#175068

PivotX password reset vulnerability

Overview

The PivotX web content management system 2.2.3 and earlier is affected by a password reset vulnerability.

I. Description

PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or later. Mitigation steps for users that have been compromised have been posted to the PivotX Support Community.

II. Impact

An attacker can gain admin access to the PivotX content management system with a specially crafted URL. Admin access allows the possibility to upload files to the server as well.

III. Solution

Apply an Update

Upgrade to version 2.2.5 or later.

Vendor Information

Vendor	Status	Date Notified	Date Updated
PivotX	Affected		2011-02-18

References

http://forum.pivotx.net/viewtopic.php?p=10639#p10639
http://blog.pivotx.net/archive/2011/02/16/pivotx-225-released
http://forum.pivotx.net/viewtopic.php?f=2&t=1967

Credit

Thanks to "Hans F. Nordhaug" for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:	2011-02-18
Date First Published:	2011-02-18
Date Last Updated:	2011-02-18
CERT Advisory:
CVE-ID(s):	CVE-2011-1035
NVD-ID(s):	CVE-2011-1035
US-CERT Technical Alerts:
Severity Metric:	49.95
Document Revision:	11

Original Source

Url : http://www.kb.cert.org/vuls/id/175068

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-255	Credentials Management

CPE : Common Platform Enumeration

Type	Description	Count
Application	Pivotx cpe:2.3:a:pivotx:pivotx:2.2.3:::::::* cpe:2.3:a:pivotx:pivotx:2.2.2:::::::* cpe:2.3:a:pivotx:pivotx:2.2.1:::::::* cpe:2.3:a:pivotx:pivotx:2.2.0:::::::* cpe:2.3:a:pivotx:pivotx:2.2.0:b1:::::: cpe:2.3:a:pivotx:pivotx:2.2.0:rc:::::: cpe:2.3:a:pivotx:pivotx:2.2.0:b2:::::: cpe:2.3:a:pivotx:pivotx:2.1.2:::::::* cpe:2.3:a:pivotx:pivotx:2.1.1:::::::* cpe:2.3:a:pivotx:pivotx:2.1.0:::::::*	10

OpenVAS Exploits

Date	Description
2011-03-05	Name : FreeBSD Ports: pivotx File : nvt/freebsd_pivotx.nasl
2011-02-23	Name : PivotX 'Reset my password' Feature Data Manipulation Vulnerability File : nvt/secpod_pivotx_data_manipulation_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
70935	PivotX Unspecified Unauthorized Password Reset PivotX contains a flaw related to the password reset mechanism. The issue is triggered when a remote attacker determines a user's username, allowing them to modify the user's password through unspecified means. No further details have been provided.

Nessus® Vulnerability Scanner

Date	Description
2011-02-21	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ae0e58353cad11e0b65400215c6a37bb.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	10
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	1

	Related
7.5	CVE-2011-1035
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)