{"vuid":"VU#520430","idnumber":"520430","name":"BreakingPoint Systems Storm CTM information disclosure vulnerabilities","keywords":["BreakingPoint","storm","ctm","plaintext"],"overview":"BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.","clean_desc":"According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide organizations with the insight to battle-test IT infrastructures, train cyber warriors, tune systems and policies, and transform security processes to be proactive and effective.. BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information. CVE-2012-2963: The BreakingPoint Systems Control Center GUI and administrative clients communicate in plaintext. All information exchanged between client and server, including the username and password, are sent in plain text XML transfers over tcp/8880. For additional information see Dell SecureWorks security advisory SWRX-2012-005. CVE-2012-2964: The BreakingPoint Systems Storm CTM administrative interface does not properly check for authorization. User-controllable requests supplied to the ‘/gwt/BugReport’ script of the embedded web server are not properly checked for authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system’s configuration. This report, delivered as a .tgz archive, includes sensitive information, including system logs, test results, and detailed system configuration information as well as account names and email addresses of authorized users. For additional information see Dell SecureWorks security advisory SWRX-2012-006.","impact":"An attacker may be able to gather sensitive configuration information including account credentials, session authentication tokens, test configurations, and test results of the BreakingPoint Systems Storm CTM device. It is also possible that an unauthenticated remote attacker may be able to retrieve a diagnostic report of the BreakingPoint Systems Storm CTM configuration which contains detailed system configuration information as well as account names and email addresses of authorized users.","resolution":"Update The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing a BreakingPoint Systems Storm CTM appliance using stolen credentials from a blocked network location.","sysaffected":"","thanks":"Thanks to Jeff Jarmoc of Dell SecureWorks for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.breakingpointsystems.com/products/product-line/breakingpoint-storm/","http://www.secureworks.com/research/advisories/SWRX-2012-005/","http://www.secureworks.com/research/advisories/SWRX-2012-006/"],"cveids":["CVE-2012-2963","CVE-2012-2964"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-04-06T17:06:35Z","publicdate":"2012-08-01T00:00:00Z","datefirstpublished":"2012-08-02T11:12:16Z","dateupdated":"2012-08-02T11:23:29Z","revision":39,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","cvss_temporalscore":"3.6","cvss_environmentalscore":"1.1","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}