VAR-201712-0017
Vulnerability from variot - Updated: 2023-12-18 13:52The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands.". Tripwire ( Old nCircle) IP360 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tripwire (formerly known as nCircle) IP360VnEManager is an IT asset management device from Tripwire Corporation of the United States. A security vulnerability exists in the RPC service in version 7.2.2 prior to TripwireIP360VnEManager 7.2.6. Document Title
Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability
Affected Products
Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected (verified) versions: v7.2.2 -> v7.2.5
CVE
CVE-2015-6237
CVSS
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C Base Score: 10.0 Temporal Score: 9.5
Rating
Critical
Vulnerability Summary
The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled.
Impact
Successful exploitation will allow a remote unauthenticated attacker to execute commands and queries against the API normally only available to privileged users. Users configured to use external authentication sources (e.g. LDAP) can have a local password created and made usable by an attacker while the authorized user continues to use external authentication. The combined vectors could allow for remote administrative privilege acquisition.
Remediation
Update to v7.2.6
Credits
This vulnerability was discovered and reported by Specto (specto [at] custodela [dot] com).
Relevant Timeline
18/08/2015: Initial vendor contact 19/08/2015: Vulnerability provided to vendor 19/08/2015: Vulnerability accepted by vendor 25/08/2015: Vulnerability confirmed by vendor 30/09/2015: Update with vulnerability fix released by vendor 01/10/2015: Advisory posted
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip360",
"scope": "eq",
"trust": 1.6,
"vendor": "tripwire",
"version": "7.2.5"
},
{
"model": "ip360",
"scope": "eq",
"trust": 1.6,
"vendor": "tripwire",
"version": "7.2.2"
},
{
"model": "ip360",
"scope": "eq",
"trust": 1.6,
"vendor": "tripwire",
"version": "7.2.4"
},
{
"model": "ip360",
"scope": "lt",
"trust": 0.8,
"vendor": "trip wire",
"version": "7.2.2 thats all 7.2.6"
},
{
"model": "ip360 vne manager",
"scope": "gte",
"trust": 0.6,
"vendor": "tripwire",
"version": "7.2.2,\u003c=7.2.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tripwire:ip360:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tripwire:ip360:7.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tripwire:ip360:7.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Specto",
"sources": [
{
"db": "PACKETSTORM",
"id": "133846"
}
],
"trust": 0.1
},
"cve": "CVE-2015-6237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6237",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01118",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-6237",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6237",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-01118",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-960",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted \"privileged commands.\". Tripwire ( Old nCircle) IP360 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Tripwire (formerly known as nCircle) IP360VnEManager is an IT asset management device from Tripwire Corporation of the United States. A security vulnerability exists in the RPC service in version 7.2.2 prior to TripwireIP360VnEManager 7.2.6. Document Title\n================\nTripwire IP360 VnE Remote Administrative API Authentication\nBypass/Privilege Acquisition Vulnerability\n\n\nAffected Products\n===================\nVendor: Tripwire\nSoftware/Appliance: IP360 VnE Vulnerability Manager\nAffected (verified) versions: v7.2.2 -\u003e v7.2.5\n\n\nCVE\n=====\nCVE-2015-6237\n\n\nCVSS\n=======\nCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/RL:O/RC:C\nBase Score: 10.0\nTemporal Score: 9.5\n\n\nRating\n=========\nCritical\n\n\nVulnerability Summary\n======================\n\nThe IP350 VnE is susceptible to a remote XML-RPC authentication\nbypass vulnerability, which allows for specially crafted privileged\ncommands to be remotely executed without authentication. The RPC\nservice is available on the public HTTPS interface of the VnE by\ndefault, and cannot be disabled. \n\n\nImpact\n========\n\nSuccessful exploitation will allow a remote unauthenticated\nattacker to execute commands and queries against the API normally\nonly available to privileged users. Users configured to use external authentication sources (e.g. \nLDAP) can have a local password created and made usable by an\nattacker while the authorized user continues to use external\nauthentication. The combined vectors could allow for remote\nadministrative privilege acquisition. \n\n\nRemediation\n=============\nUpdate to v7.2.6\n\n\nCredits\n==========\nThis vulnerability was discovered and reported by Specto\n(specto [at] custodela [dot] com). \n\n\nRelevant Timeline\n====================\n\n18/08/2015: Initial vendor contact\n19/08/2015: Vulnerability provided to vendor\n19/08/2015: Vulnerability accepted by vendor\n25/08/2015: Vulnerability confirmed by vendor\n30/09/2015: Update with vulnerability fix released by vendor\n01/10/2015: Advisory posted\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "PACKETSTORM",
"id": "133846"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6237",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-01118",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "133846",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "PACKETSTORM",
"id": "133846"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"id": "VAR-201712-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
}
]
},
"last_update_date": "2023-12-18T13:52:51.653000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Tripwire IP360",
"trust": 0.8,
"url": "https://www.tripwire.co.jp/products/ip360/"
},
{
"title": "TripwireIP360VnEManager security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113625"
},
{
"title": "Tripwire IP360 VnE Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77349"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://seclists.org/fulldisclosure/2015/oct/20"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/archive/1/536609/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/536609/100/0/threaded"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6237"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6237"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "PACKETSTORM",
"id": "133846"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"db": "PACKETSTORM",
"id": "133846"
},
{
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"date": "2015-10-05T18:40:43",
"db": "PACKETSTORM",
"id": "133846"
},
{
"date": "2017-12-27T19:29:00.223000",
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"date": "2017-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01118"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008079"
},
{
"date": "2018-10-09T19:57:48.003000",
"db": "NVD",
"id": "CVE-2015-6237"
},
{
"date": "2017-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133846"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tripwire IP360 Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008079"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-960"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…