27 Jui 2019
Vulnérabilité CVE-2019-7226 CVE Vulnerability
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response. (CVSS:0.0) (Last Update:2019-06-27)
Vulnerability Details : The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and returns the session ID along with what may be the username and cleartext password of the user. An attacker can then supply an IDALToken value in a cookie, which will allow them to perform privileged operations such as restarting the service with /cgi/restart. A GET request to /cgi/loginDefaultUser may result in "1 #S_OK IDALToken=532c8632b86694f0232a68a0897a145c admin admin" or a similar response. Publish Date : 2019-06-27 Last Update Date : 2019-06-27 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-7226
- References For CVE-2019-7226
| |||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-7226There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |