Executive Summary

Summary
Title: BreakingPoint Systems Storm CTM information disclosure vulnerabilities

Information
Name: VU#520430
First vendor publication: 2012-08-02
Vendor: VU-CERT
Last vendor modification: 2012-08-02
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None required

Detail

Vulnerability Note VU#520430

BreakingPoint Systems Storm CTM information disclosure vulnerabilities

Original Release date: 02 Aug 2012 | Last revised: 02 Aug 2012

Overview

BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

Description

According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide organizations with the insight to battle-test IT infrastructures, train cyber warriors, tune systems and policies, and transform security processes to be proactive and effective. BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

  • CVE-2012-2963: The BreakingPoint Systems Control Center GUI and administrative clients communicate in plaintext. All information exchanged between client and server, including the username and password, is sent in plaintext XML transfers over tcp/8880. For additional information see Dell SecureWorks security advisory SWRX-2012-005.
  • CVE-2012-2964: The BreakingPoint Systems Storm CTM administrative interface does not properly check for authorization. User-controllable requests supplied to the ‘/gwt/BugReport’ script of the embedded web server are not properly checked for authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system’s configuration. This report, delivered as a .tgz archive, contains sensitive information, including system logs, test results, and detailed system configuration information as well as account names and email addresses of authorized users. For additional information see Dell SecureWorks security advisory SWRX-2012-006.

Impact

An attacker may be able to gather sensitive configuration information including account credentials, session authentication tokens, test configurations, and test results of the BreakingPoint Systems Storm CTM device. It is also possible that an unauthenticated remote attacker may be able to retrieve a diagnostic report of the BreakingPoint Systems Storm CTM configuration which contains detailed system configuration information as well as account names and email addresses of authorized users.

Solution

Update

The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing a BreakingPoint Systems Storm CTM appliance using stolen credentials from a blocked network location.
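
An added example, not part of the CERT note or vendor material: one way to check that the access restriction is holding, by auditing network sensor records for appliance traffic that originates outside the trusted networks. The appliance address, trusted network and key=value log format are assumptions constructed for illustration; tcp/8880 and /gwt/BugReport come from the description above.

```python
import ipaddress

# Assumptions (not from the advisory): appliance address, trusted management
# network, and the key=value sensor log format are all constructed.
APPLIANCE = ipaddress.ip_address("192.0.2.10")
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
CONTROL_PORT = 8880             # plaintext XML channel named in CVE-2012-2963
REPORT_PATH = "/gwt/BugReport"  # script named in CVE-2012-2964

SAMPLE_LOG = """\
2012-08-03T10:15:02Z src=10.20.0.15 dst=192.0.2.10 dport=8880 path=-
2012-08-03T10:16:40Z src=203.0.113.77 dst=192.0.2.10 dport=80 path=/gwt/BugReport?x=1
2012-08-03T10:17:05Z src=198.51.100.9 dst=192.0.2.10 dport=8880 path=-
2012-08-03T10:18:11Z src=10.20.0.22 dst=192.0.2.10 dport=80 path=/gwt/BugReport
2012-08-03T10:19:30Z src=203.0.113.77 dst=192.0.2.44 dport=8880 path=-
malformed line without fields
"""

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return (timestamp, source, reason) for appliance traffic from untrusted hosts."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # skip records the sensor did not fully populate
        if dst != APPLIANCE or is_trusted(src):
            continue
        path = fields.get("path", "-").split("?", 1)[0]  # ignore query string
        if dport == CONTROL_PORT:
            findings.append((parts[0], str(src), "untrusted host reached tcp/8880"))
        elif path == REPORT_PATH:
            findings.append((parts[0], str(src), "untrusted host requested /gwt/BugReport"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Any finding means the filtering in front of the appliance is not limiting the management channel or the diagnostic report script to trusted hosts.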

Vendor Information

Vendor | Status | Date Notified | Date Updated
BreakingPoint Systems Inc | Affected | 26 Apr 2011 | 02 Aug 2012

CVSS Metrics

Group | Score | Vector
Base | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N
Temporal | 3.6 | E:U/RL:W/RC:UC
Environmental | 1.1 | CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://www.breakingpointsystems.com/products/product-line/breakingpoint-storm/
  • http://www.secureworks.com/research/advisories/SWRX-2012-005/
  • http://www.secureworks.com/research/advisories/SWRX-2012-006/

Credit

Thanks to Jeff Jarmoc of Dell SecureWorks for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

  • CVE IDs: CVE-2012-2963, CVE-2012-2964
  • Date Public: 01 Aug 2012
  • Date First Published: 02 Aug 2012
  • Date Last Updated: 02 Aug 2012
  • Document Revision: 38


This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

Url : http://www.kb.cert.org/vuls/id/520430

CWE : Common Weakness Enumeration

% | Id | Name
50 % | CWE-287 | Improper Authentication
50 % | CWE-20 | Improper Input Validation

CPE : Common Platform Enumeration

Type | Description | Count
Hardware | | 1
Os | | 4