Nick Nam

**Name of the Vulnerable Software and Affected Versions** IGEL Universal Management Suite version 6.07.100 **Description** An issue was discovered in the IGEL Universal Management Suite (UMS) that allows an unprivileged local attacker to read encrypted database user and password values for the UMS superuser due to insecure permissions for the serverconfig registry key under JavaSoftPrefsdeigelrmconfig in HKEY LOCAL MACHINESOFTWARE. **Recommendations** For IGEL Universal Management Suite version 6.07.100, consider restricting access to the serverconfig registry key to prevent unauthorized reading of the encrypted dbuser and dbpassword values. As a temporary workaround, review and adjust the permissions of the serverconfig registry key to ensure that only authorized users have access to it.

**Name of the Vulnerable Software and Affected Versions** IGEL Universal Management Suite (UMS) version 6.07.100 **Description** An issue was discovered in the transmission of cleartext LDAP bind credentials by the `cmd mgt load mgt tree` command, allowing an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind credentials. **Recommendations** For IGEL Universal Management Suite (UMS) version 6.07.100, consider disabling the `cmd mgt load mgt tree` command until a patch is available to prevent the transmission of cleartext LDAP bind credentials. Restrict access to the UMS server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IGEL Universal Management Suite (UMS) version 6.07.100 **Description** An issue was discovered in the IGEL Universal Management Suite (UMS) where a hardcoded DES key in the `PrefDBCredentials` class allows an attacker to decrypt superuser credentials using a static 8-byte DES key, if the attacker has already discovered the encrypted credentials. **Recommendations** For IGEL Universal Management Suite (UMS) version 6.07.100, consider disabling the `PrefDBCredentials` class until a patch is available to prevent potential exploitation. Restrict access to superuser credentials to minimize the risk of decryption by an attacker.

**Name of the Vulnerable Software and Affected Versions** IGEL Universal Management Suite (UMS) version 6.07.100 **Description** An issue was discovered in the IGEL Universal Management Suite (UMS) where a hardcoded DES key in the `LDAPDesPWEncrypter` class allows an attacker to decrypt encrypted LDAP bind credentials using a static 8-byte DES key, if the attacker has discovered these credentials. **Recommendations** For IGEL Universal Management Suite (UMS) version 6.07.100, consider disabling the `LDAPDesPWEncrypter` class until a patch is available to prevent the decryption of encrypted LDAP bind credentials.

**Name of the Vulnerable Software and Affected Versions** Echo ShareCare version 8.15.5 **Description** The issue allows for SQL injection when processing remote input from both authenticated and unauthenticated users. This can lead to bypassing authentication, exfiltrating SQL records, and manipulating data. **Recommendations** For Echo ShareCare version 8.15.5, consider restricting access to sensitive data and implementing input validation to prevent SQL injection attacks until a patch is available. As a temporary workaround, restrict access to the application from unauthenticated users to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5 Description: An issue was discovered where Echo ShareCare does not perform authentication or authorization checks when accessing a subset of sensitive resources. This allows unauthenticated users to access pages that are vulnerable to attacks such as SQL injection. Recommendations: For Echo ShareCare version 8.15.5, consider restricting access to sensitive resources until a patch is available. As a temporary workaround, implement additional authentication and authorization checks for accessing sensitive pages to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5 Description: An issue was discovered in the file-upload feature of Echo ShareCare, specifically in the Access/DownloadFeed Mnt/FileUpload Upd.cfm file, which is susceptible to an unrestricted upload vulnerability via the `name1` parameter. This vulnerability allows arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive, where ShareCare application files reside, and enables remote code execution as the ShareCare service user (NT AUTHORITYSYSTEM). Recommendations: For Echo ShareCare version 8.15.5, consider disabling the file-upload feature in Access/DownloadFeed Mnt/FileUpload Upd.cfm as a temporary workaround to prevent exploitation. Restrict access to the `name1` parameter in the file-upload feature to minimize the risk of arbitrary file uploads and remote code execution.

Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5 Description: An issue was discovered in the UnzipFile feature, specifically in Access/EligFeedParse Sup/UnzipFile Upd.cfm, which is susceptible to a command argument injection vulnerability. This occurs when processing remote input in the `zippass` parameter from an authenticated user, allowing the injection of arbitrary arguments to 7z.exe. Recommendations: For Echo ShareCare version 8.15.5, consider disabling the UnzipFile feature or restricting access to the `zippass` parameter in the UnzipFile Upd.cfm file until a patch is available. Additionally, restrict the execution of 7z.exe to prevent arbitrary argument injection.

Name of the Vulnerable Software and Affected Versions: Echo ShareCare version 8.15.5 Description: An issue was discovered in the TextReader feature, specifically in General/TextReader/TextReader.cfm, which is susceptible to a local file inclusion vulnerability. This occurs when processing remote input in the `textFile` parameter from an authenticated user, allowing the ability to read arbitrary files on the server filesystems as well as any files accessible via Universal Naming Convention (UNC) paths. Recommendations: For Echo ShareCare version 8.15.5, consider disabling the TextReader feature or restricting access to the `textFile` parameter in the General/TextReader/TextReader.cfm endpoint until a patch is available. Additionally, restrict access to sensitive files and directories on the server to minimize the risk of exploitation.