CVE-2015-7820

IBM System Networking Switch Center ZipDownload.jsp Information Disclosure Vulnerability

Severity Score

7.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privileged-account access, and consequently provide ZipDownload.jsp input containing directory traversal sequences to read arbitrary files, via a request to port 40080 or 40443.

Condición de carrera en el servicio web administration-panel en IBM System Networking Switch Center (SNSC) en versiones anteriores a 7.3.1.5 y Lenovo Switch Center en versiones anteriores a 8.1.2.0 permite a atacantes remotos obtener acceso a cuentas privilegiadas, y consecuentemente proveer una entrada ZipDownload.jsp que contiene secuencias de salto de directorio para leer archivos de texto arbitrarios, a través de una petición al puerto 40080 o 40443.

This vulnerability allows remote attackers to disclose information on vulnerable installations of IBM System Networking Switch Center. Authentication is not required to exploit this vulnerability.
The specific flaws exist within the IBM SNSC Web Service, which listens by default on ports 40080 (HTTP) or 40443 (HTTPS) for requests to the administration panel. The first is a race condition, which allows the for the temporary use of a fixed privileged account which is forbidden from interactive login, and the second is the ability to specify any file on the system in ZipDownload.jsp. By combining these two vulnerabilities, an attacker can read arbitrary files on the system.

*Credits: Andrea Micalizzi (rgod)

CVSS Scores

NISTv2 7.1

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-10-14 CVE Reserved
2015-11-10 CVE Published
2024-08-06 CVE Updated
2024-09-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (2)

URL	Tag	Source
http://www.zerodayinitiative.com/advisories/ZDI-15-554	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://support.lenovo.com/us/en/product_security/len_2015_074	2015-11-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Lenovo Search vendor "Lenovo"		Switch Center Search vendor "Lenovo" for product "Switch Center"				<= 8.1.1.0 Search vendor "Lenovo" for product "Switch Center" and version " <= 8.1.1.0"		-		Affected
Ibm Search vendor "Ibm"		System Networking Switch Center Search vendor "Ibm" for product "System Networking Switch Center"				<= 7.3.1.4 Search vendor "Ibm" for product "System Networking Switch Center" and version " <= 7.3.1.4"		-		Affected