CVE-2013-1080
Novell ZENworks Control Center File Upload Remote Code Execution Vulnerability
- Public Exploits: 2
- Exploited in Wild: -
Descriptions
The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.
The web server in Novell's ZENworks Configuration Management (ZCM) version 10.3 and version 11.2 before 11.2.4 does not properly perform authentication for the file zenworks/jsp/index.jsp, which allows remote attackers to carry out directory traversal attacks and consequently upload and execute arbitrary programs, by means of a request to TCP port 443.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability.
The specific issue exists within ZENworks Control Center, which listens on tcp/443 by default. Insufficient authentication checking on /zenworks/jsp/index.jsp allows a remote attacker to upload files to the webserver. By combining this with a directory traversal vulnerability, an attacker can exploit this condition to gain remote code execution as SYSTEM.
Timeline
- 2013-01-11 CVE Reserved
- 2013-03-22 CVE Published
- 2013-04-08 First Exploit
- 2024-06-22 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-287: Improper Authentication
References (5)
URL | Tag | Source |
---|---|---|
http://www.novell.com/support/kb/doc.php?id=7012027 | X_refsource_confirm | |
http://www.zerodayinitiative.com/advisories/ZDI-13-049 | X_refsource_misc | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/24938 | 2013-04-08 | |
http://www.exploit-db.com/exploits/24938 | 2024-08-06 | |
http://www.novell.com/support/kb/doc.php?id=7011812 | 2013-12-13 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Novell | Zenworks Configuration Management | 10.3 | - | Affected |
Novell | Zenworks Configuration Management | 11.2 | - | Affected |