Missing Function Level Access control Vulnerability in OPutils

Title: Missing Function Level Access Control Vulnerability in ManageEngine OpUtils
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: OPUTILS
Tested Version: OPUTILS 8.0
Severity: Medium

Advisory ID

About the Product:
OpUtils is a Switch Port & IP Address Management software that helps network engineers manage their Switches and IP Address Space with ease. With its comprehensive set of 30+ tools, it helps them to perform network monitoring tasks like detecting a rogue device intrusion, keeping a check on bandwidth usage, monitoring availability of critical devices, backing up Cisco configuration files and more.

This Missing Function Level Access Control vulnerability enables a normal user to execute administrative tasks.

Vulnerability Class:
2013-A7-Missing Function Level Access Control https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Function_Level_Ac

Upgrade to the next Service Pack

04-Feb-2016 Reported to vendor
11-Feb-2016 Fixed By Vendor

* Kaustubh Padwad
* Information Security Researcher
* kingkaustubh (at) me (dot) com
* https://twitter.com/s3curityb3ast
* http://breakthesec.com
* https://www.linkedin.com/in/kaustubhpadwad