Ipswitch WhatsUp Professional suffers from source disclosure, information disclosure, and cross site scripting flaws. Weaknesses are confirmed in version 2006. Earlier versions may also be susceptible.
a9a7a332f27024112aca7776f100288c07c382051fe5ea02a197f2d35645d3f2WhatsUp is a tool from Ipswitch to monitor application and network,
embedding a custom web server on port 8022.
Description:
This custom web server is prone to multiple flaws.
-as authenticated user:
*src disclosure
https://server:8022/NmConsole/Login.asp.
*there are many XSS flaws, as
https://server:8022/NmConsole/Navigation.asp?sDeviceView=<SCRIPT>alert("me");</SCRIPT>&nDeviceID=<SCRIPT>alert("me");</SCRIPT>
https://server:8022/NmConsole/ToolResults.asp?bIsIE=true&nToolType=0&sHostname=%3cscript%3ealert('me')%3c/script%3e&nTimeout=2000&nCount=1&nSize=32&btnPing=Ping
*redirection
https://server:8022/NmConsole/DeviceSelection.asp?sRedirectUrl=Reports/DevicePassiveMonitorSyslog.asp&sCancelURL=https://www.google.fr
-not being authenticated:
*src disclosure
https://server:8022/NmConsole/Login.asp.
*network nodes information disclosure (name, internal addr, service)
https://server:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=0
The weaknesses have been confirmed in version 2006, source disclosure
in version 2005 and 2005 SP1 too.
Other versions may also be affected.
No response from vendor.
Solution:
-Filtered TCP port 8022, ask a patch from vendor if you are a registered user
-Keep an eye on an opensource project: https://gnms.rubyforge.org
David Maciejak
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed