The Hacker News Logo
Subscribe to Newsletter

Zero-Day Exploit released for Vulnerability in Novell ZENworks

Rapid7 researcher Juan Vazquez recently uncovered a zero-day security flaw in Novell ZENworks Asset Management 7.5. This Vulnerability (CVE-2012-4933) gives access to any files with system privileges and could also allow an attacker to grab configuration parameters, including the backend credentials in clear text.

ZENworks Asset Management provides a Web Console, where the user can access the data collected about network devices and edit some information. This web interface provides some maintenance calls, two of them accessible with hardcoded credentials, allowing a remote attacker to retrieve any file from the remote file system with SYSTEM privileges and to get configuration parameters from the ZENworks Asset Management including the backend credentials in clear text.

The vulnerability currently remains unpatched and US CERT recommends that users implement firewall rules that will restrict access to the web interface by unauthorised users.

Read here, more about exploitation of this vulnerability and find two auxiliary modules that will give Metasploit users the ability to test their ZENworks software.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.