VMTurbo Operations Manager prior 4.0 vmtadmin.cgi fileDate command injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability was found in VMTurbo Operations Manager. It has been rated as critical. It affects unknown code in the file vmtadmin.cgi. Manipulation of the argument fileDate causes command injection. The vulnerability is tracked as CVE-2014-5073. An exploit is available. Upgrading the affected component is advised.
Details
A vulnerability classified as critical was found in VMTurbo Operations Manager. It affects an unknown function of the file vmtadmin.cgi. Manipulating the argument fileDate with an unknown input leads to command injection. The CWE definition for the vulnerability is CWE-77: the product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. The impact is known to affect confidentiality, integrity, and availability. The summary by CVE is:
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
The weakness was disclosed 08/29/2014 by Emilio Pinna. The advisory is shared at xforce.iss.net. The vulnerability has been known as CVE-2014-5073 since 07/24/2014. Exploitation appears to be easy. The attack can be launched remotely and does not require any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project uses the attack technique T1202 for this issue.
A public exploit has been developed by Metasploit in Ruby and was published before the advisory. The exploit can be downloaded at securityfocus.com. It is declared as highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 15 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 4.0 eliminates this vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16670.
The vulnerability is also documented in the databases at X-Force (95319), Exploit-DB (34335), SecurityFocus (BID 69225), OSVDB (109572) and Secunia (SA58880). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
CVSSv3
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
Exploiting
Class: Command injection
CWE: CWE-77 / CWE-74 / CWE-707
Physical: No
Local: No
Remote: Yes
Access: Public
Status: Highly functional
Author: Metasploit
OpenVAS ID: 105038
OpenVAS Name: VMTurbo Operations Manager /cgi-bin/vmtadmin.cgi Remote Command Execution Vulnerability
MetaSploit ID: vmturbo_vmtadmin_exec_noauth.rb
MetaSploit Name: VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution
Countermeasures
Recommended: Upgrade
Upgrade: Operations Manager 4.0
Sources
Advisory: 127864
Researcher: Emilio Pinna
Status: Confirmed
CVE: CVE-2014-5073
GCVE (CVE): GCVE-0-2014-5073
GCVE (VulDB): GCVE-100-70777
X-Force: 95319
SecurityFocus: 69225 - VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' Remote Command Execution Vulnerability
Secunia: 58880 - VMTurbo Operations Manager "fileDate" Command Injection Vulnerability, Moderately Critical
OSVDB: 109572
Vulnerability Center: 46094 - VMTurbo Operations Manager Before 4.6 build 28657 Remote Command Execution via a DOWN Call, High
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/26/2015 12:07
Updated: 12/04/2024 12:18
Changes: 03/26/2015 12:07 (64), 06/06/2017 08:24 (21), 03/28/2022 18:05 (3), 12/04/2024 12:18 (16)