Missing Function Level Access Control Vulnerability in OpUtils
Overview
======
Title:- Missing Function Level Access control Vulnerability in ManageEngine OpUtils
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: OPUTILS
Tested Version: OPUTILS 8.0
Severity: Medium
Advisory ID
=======
2016-06-Manage_Engine
About the Product:
===========
OpUtils is a Switch Port & IP Address Management software that helps network engineers manage their switches and IP address space with ease. With its comprehensive set of 30+ tools, it helps them perform network monitoring tasks such as detecting a rogue device intrusion, keeping a check on bandwidth usage, monitoring the availability of critical devices, backing up Cisco configuration files and more.
Description:
=======
This Missing Function Level Access Control vulnerability enables a normal (non-administrative) user to execute administrative tasks, because the server does not verify the caller's privilege level when the administrative function is invoked directly.
Vulnerability Class:
============
2013-A7-Missing Function Level Access Control https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control
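To make the vulnerability class concrete, here is an added illustration (not OpUtils code, and not from the advisory's author): a request dispatcher that only hides administrative actions from the normal user's menu, placed beside a hardened dispatcher that enforces the role at the function itself. The roles, action names and handler functions are constructed for the example.

```python
"""Missing Function Level Access Control (OWASP 2013-A7): a vulnerable
dispatcher beside a hardened one.  Added illustration for this advisory;
it is not OpUtils code.  Roles, action names and handlers are constructed."""
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed roles: "admin" or "user"


class Forbidden(Exception):
    """Raised when a caller lacks the role required for a function."""


# --- Constructed application functions ----------------------------------
def delete_all_ip_ranges(user: User) -> str:
    """Administrative task: should only ever run for an admin."""
    return f"all IP ranges deleted by {user.name}"


def view_ip_ranges(user: User) -> str:
    """Ordinary task: any authenticated user may run it."""
    return f"IP ranges listed for {user.name}"


# --- Vulnerable pattern --------------------------------------------------
# The role is consulted only when building the menu.  The dispatcher trusts
# that a normal user will never send an admin action name, so anyone who
# knows (or guesses) the name reaches the administrative function.
VULN_ACTIONS = {
    "viewIPRanges": view_ip_ranges,
    "deleteAllIPRanges": delete_all_ip_ranges,
}


def menu_for(user: User) -> list:
    """Presentation-layer filter: hides links, does not authorize anything."""
    if user.role == "admin":
        return sorted(VULN_ACTIONS)
    return ["viewIPRanges"]


def dispatch_vulnerable(user: User, action: str) -> str:
    handler = VULN_ACTIONS.get(action)
    if handler is None:
        raise KeyError(action)
    return handler(user)  # no role check at the function level


# --- Hardened pattern ----------------------------------------------------
def requires_role(*roles: str):
    """Enforce authorization on every call of the decorated function."""
    def deco(fn):
        @wraps(fn)
        def guarded(user: User, *args, **kwargs):
            if user.role not in roles:
                raise Forbidden(
                    f"{user.name} ({user.role}) may not call {fn.__name__}")
            return fn(user, *args, **kwargs)
        return guarded
    return deco


# Each function carries its own requirement; the menu is irrelevant to it.
FIXED_ACTIONS = {
    "viewIPRanges": requires_role("admin", "user")(view_ip_ranges),
    "deleteAllIPRanges": requires_role("admin")(delete_all_ip_ranges),
}


def dispatch_fixed(user: User, action: str) -> str:
    handler = FIXED_ACTIONS.get(action)
    if handler is None:
        raise KeyError(action)
    return handler(user)  # the handler itself enforces the role


def is_allowed(dispatch, user: User, action: str) -> bool:
    """True if the dispatcher lets `user` run `action`, False if Forbidden."""
    try:
        dispatch(user, action)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    normal, admin = User("alice", "user"), User("bob", "admin")
    print("menu for normal user:", menu_for(normal))
    print("vulnerable, normal user, admin action:",
          is_allowed(dispatch_vulnerable, normal, "deleteAllIPRanges"))
    print("fixed, normal user, admin action:",
          is_allowed(dispatch_fixed, normal, "deleteAllIPRanges"))
    print("fixed, admin, admin action:",
          is_allowed(dispatch_fixed, admin, "deleteAllIPRanges"))
```

The point of the hardened version is that the authorization decision lives with the function rather than with the user interface: removing a link from a menu is not a control, and a server-side check that runs on every invocation is. The same decorator approach also makes it easy to audit which handlers lack a role requirement, which is the kind of review that finds this class of bug before a researcher does.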
Mitigation
==========
Upgrade to the next Service Pack released by the vendor.
Disclosure:
===========
04-Feb-2016 Reported to vendor
11-Feb-2016 Fixed By Vendor
Credits:
=====
* Kaustubh Padwad
* Information Security Researcher
* kingkaustubh (at) me (dot) com [email concealed]
* https://twitter.com/s3curityb3ast
* http://breakthesec.com
* https://www.linkedin.com/in/kaustubhpadwad