5 - VU#251133

Executive Summary

Summary
Title	S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs

Informations
Name	VU#251133	First vendor Publication	2010-06-24
Vendor	VU-CERT	Last vendor Modification	2010-06-24
Severity (Vendor)	N/A	Revision	M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#251133

S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs

Overview

S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks.

I. Description

S2 NetBox is a line of "...open architecture, scalable, IP network-ready products for the physical security industry that integrate access control, alarm monitoring, video surveillance, and temperature monitoring." S2 Netbox systems are operated entirely via a web interface.

The Netbox web server does not properly authenticate access to several directories, allowing an unauthenticated attacker to access network node logs, employee photographs, and backup archives.

Linear (formerly IEI) eMerge is based on S2 Netbox, and Sonitrol eAccess is based on Linear eMerge. eMerge and eAccess may also be affected by this vulnerability.

II. Impact

An unauthenticated, remote attacker can access node logs, backups, and employee photographs. An attacker may be able to crack passwords contained in a backup and gain administrative control over the system. Node logs and employee photographs could provide an attacker with reconnaissance information.

III. Solution

Upgrade or patch

S2 Security has made patches or upgrades available to address this vulnerability for Netbox versions 2.5, 3.3, and 4.0. Please contact S2 or Linear customer support.

Restrict access

Restrict network access to S2 Netbox systems to trusted and authorized hosts and networks. Separate management networks from general purpose user networks. Do not allow access from untrusted networks such as the internet.

Vendor Information

Vendor	Status	Date Notified	Date Updated
Linear LLC	Affected		2010-05-25
S2 Security	Affected	2010-03-23	2010-05-12

References

http://www.s2sys.com/page/netbox/26
http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
http://blip.tv/file/3414004

Credit

These vulnerabilities were researched and reported by Shawn Merdinger. Thanks to S2 Security for information used in this document.

This document was written by Art Manion.

Other Information

Date Public:	2010-06-24
Date First Published:	2010-06-24
Date Last Updated:	2010-06-24
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	2.63
Document Revision:	29

Original Source

Url : http://www.kb.cert.org/vuls/id/251133

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-264	Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Linearcorp Emerge 50 cpe:2.3:h:linearcorp:emerge_50::::::::	1
Hardware	Linearcorp Emerge 5000 cpe:2.3:h:linearcorp:emerge_5000::::::::	1
Hardware	s2sys Netbox cpe:2.3:h:s2sys:netbox:4.0:::::::* cpe:2.3:h:s2sys:netbox:3.3:::::::* cpe:2.3:h:s2sys:netbox:2.5:::::::*	3
Hardware	Sonitrol Eaccess cpe:2.3:h:sonitrol:eaccess::::::::	1

Open Source Vulnerability Database (OSVDB)

Id	Description
65757	S2 NetBox Unspecified HTTP Request Directory Access Restriction Bypass

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	6
osvdb(s)	1

	Related
5	CVE-2010-2465
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)