PT-2010-4041 · S2 Security · S2 Security Netbox

Shawn Merdinger · Published 2010-06-25 · Updated 2010-07-13 · CVE-2010-2465

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

S2 Security NetBox versions 2.5, 3.3, 4.0

Description

The issue allows remote attackers to download sensitive information, including node logs, photographs of persons, and backup files, via unspecified HTTP requests due to insufficient access control. This is because sensitive information is stored under the web root.

Recommendations

For versions 2.5, 3.3, and 4.0, restrict access to sensitive information stored under the web root to prevent unauthorized downloads. As a temporary workaround, consider restricting access to the web root until a proper fix is applied. Avoid using HTTP requests that could lead to the exposure of sensitive information until the issue is resolved.

Related Identifiers

CVE-2010-2465

Affected Products

S2 Security Netbox