0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Skybox 6.x Authentication Bypass / Information Disclosure
Author
Risk
[Security Risk High
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: [SKYBOX Security – Multiple Information Disclosure] # Date: [22-Jan-2014] # Exploit Author: [Luigi Vezzoso] # Vendor Homepage: [http://www.skyboxsecurity.com] # Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57] # Tested on: [Centos 6.4 kernel 2.6.32] # CVE : [CVE-2014-2084] #OVERVIEW A vulnerability has been found in some Skybox View Appliances’ Admin interfaces which would allow a potential malicious party to bypass the authentication mechanism and obtain read-only access to the appliance’s administrative menus. This would allow the malicious party to read system-related information such as interface names, IP addresses and the appliance status. #INTRODUCTION Skybox Security has a complete portfolio of security management tools that deliver the security intelligence needed to act fast to minimize risks and eliminate attack vectors. Based on a powerful risk analytics platform that links data from vulnerability scanners, threat intelligence feeds, firewalls and other network infrastructure devices – Skybox gives you context to prioritize risks accurately and automatically, in minutes. #VULNERABILITY DESCRIPTION It's possible to obtain useful information about the version and network configuration of skybox appliances bypassing the webui interface. For the appliance system info open with a browser: https://1.1.1.1:444/scripts/commands/getSystemInformation?_=111111111 For the appliance network info open with a browser: https://1.1.1.1:444/scripts/commands/getNetworkConfigurationInfo #VERSIONS AFFECTED Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57 #SOLUTION Please refer to the vendor security advisor: Security Advisory 2014-3-25-1 # 0day.today [2024-12-26] #