Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20778
HistoryOct 29, 2008 - 12:00 a.m.

n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution

2008-10-2900:00:00
vulners.com
30
JSON

n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2008.009 27-October-2008

Vendor: Eaton MGE office protection systems
Affected Products: Network Shutdown Module version 3.10
Vulnerability: authentication bypass vulnerability and remote code
execution
Risk: High

Vendor communication:

2008/08/13 initial notification of EATON MGE Office Protection
Systems (MGEOPS)
2008/08/20 second notification of MGEOPS
2008/08/20 MGEOPS confirmation of receiving information
2008/08/25 receiving patch proposal from MGEOPS
2008/08/29 confirmation of proper patch, asking of release date
2008/09/02 awaiting feedback regarding release date of the patch
2008/09/18 patch and new version undergoing QA process of MGEOPS
still no release date known
2008/10/07 another request regarding the release date
2008/10/21 MGEOPS informs n.runs AG about release of the new
software version
2008/10/27 n.runs AG releases this advisory

Overview:

EATON MGE Office Protection Systems designs and manufactures secured
power products and solutions for enterprises, small business and homes.
The Network Shutdown Module continuously wait for information from the
Management Proxy or Management Card connected to the EATON UPS and warns
administrators and users if AC power fails and proceeds with graceful
system shutdown before the end of battery backup power is reached.

Description:

Remote exploitation of an authentication bypass vulnerability could
allow an attacker to execute arbitrary code.

In detail, the following flaw was determined:

  • Custom actions can be added to the MGE frontend without authentication
    required (pane_actionbutton.php)
  • Actions can be executed (tested) without authentication required
    (exec_action.php)

Impact:

This problem can lead to a remote file execution vulnerability. It can
allow an attacker to add and execute custom actions. The commands to be
executed are included within the added action.

The vulnerability is present in MGE Network Shutdown Module software
versions prior 3.10 build 13.

Solution

EATON MGE Office Protection Systems has issued an update to correct this
vulnerability. A new version of the software (version 3.20) can be found at:
http://download.mgeops.com/explore/eng/network/net_sol.htm

Credits:
Bug found by Jan Rossmann and Jan Wagner of n.runs AG.

References:
This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php

Subscribe to the n.runs newsletter by signing up to:
http://www.nruns.com/newsletter_en.php

About n.runs:
n.runs AG is a vendor-independent consulting company specialising in the
areas of: IT Infrastructure, IT Security and IT Business Consulting. In
2007, n.runs expanded its core business area, which until then had been
project based consulting, to include the development of high-end
security solutions.
Application Protection System - Anti Virus (aps-AV) is the first
high-end security solution that n.runs is bringing to the market.

Copyright Notice:
Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
[email protected] for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall n.runs be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages, even if n.runs has been advised of the possibility of
such damages.

Copyright 2008 n.runs AG. All rights reserved. Terms of use apply.

JSON