{"vuid":"VU#217836","idnumber":"217836","name":"Wave EMBASSY Remote Administration Server SQL injection vulnerabilities","keywords":["sql wave embassy cwe-79 cwe-78"],"overview":"The Wave EMBASSY Remote Administration Server (ERAS) contains the ERAS Help Desk application that fails to filter user input allowing for the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote authenticated attacker to execute procedures or SQL queries and updates on the vulnerable database application as well as command execution on the target server.","clean_desc":"The ERAS 2.8.4 and 2.9.5 Help Desk application has been reported to contain vulnerabilities to blind SQL injection as well as command execution on the target server. The vulnerability requires that the attacker be authenticated in the application. CWE-79 - Blind SQL Injection - CVE-2013-3577\nA blind SQL injection attack may be performed against the ct100$4MainController$TextBoxSearchValue parameter or search box. CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - CVE-2013-3578\nA stacked query based SQL attack on the ct100$4MainController$TextBoxSearchValue parameter or search box allows for a remote authenticated attacker to execute commands on the server. The CVSS scores below apply to CVE-2013-3578.","impact":"A remote attacker may be able to execute SQL queries on a server, possibly with elevated privileges. As a result, attackers may be able to view or modify the contents of the database. Additionally, an attacker may be able to execute operating system commands on the server, potentially allowing them to gain control of the server itself.","resolution":"Apply an Update\n Additional input validation checks were implemented in ERAS 2.9.5 Service packs 1 and 2 to fix these vulnerabilities. All users with ERAS deployments should upgrade on Wave's support website. Users will also receive a notice from Wave with links to the patch. Affected versions: ERAS 2.8.4 Help Desk\nERAS 2.9.5 Help Desk Please consider the following workarounds if you are unable to upgrade.","workarounds":"User Management\nThis vulnerability requires authentication to exploit. Enforce strong user permissions to minimize the attack surface.","sysaffected":"","thanks":"Thanks to Simone Cecchini from Verizon Enterprise Solutions (GCIS Threat and Vulnerability Management) for discovering this vulnerability. Also, thanks to Thierry Zoller from Verizon Enterprise Solutions for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://cwe.mitre.org/data/definitions/79.html","http://cwe.mitre.org/data/definitions/78.html","http://www.us-cert.gov/security-publications/sql-injection","http://www.wave.com/products/embassy-remote-administration-server-self-encrypting-drives"],"cveids":["CVE-2013-3577","CVE-2013-3578"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-05-09T18:32:22Z","publicdate":"2013-07-12T00:00:00Z","datefirstpublished":"2013-07-12T14:28:13Z","dateupdated":"2014-07-30T05:54:28Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.5","cvss_basevector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","cvss_temporalscore":"5.1","cvss_environmentalscore":"1.27683519756581","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}