CVE-2015-0516
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.0
Description
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
EMC M&R (Watch4net) - Directory Traversal
Abstract
A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
Affected products
EMC reports that the following products are affected by this vulnerability:
- EMC M&R (Watch4Net) versions prior 6.5u1
- EMC ViPR SRM versions prior to 3.6.1
See also
- CVE-2015-0516
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
- ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities (login required)
Fix
EMC released the following updated versions that resolve this vulnerability:
- EMC M&R (Watch4Net) 6.5u1
- EMC ViPR SRM 3.6.1
Registered customers can download upgraded software from support.emc.com at https://support.emc.com/downloads/34247_ViPR-SRM.
Introduction
EMC M&R (formerly known as Watch4net) enables cross-domain performance monitoring of infrastructure and data center components in real-time - from a single, customizable dashboard.
A path traversal vulnerability was found in M&R (Watch4net) Device Discovery. Path traversal vulnerabilities arise when user-controllable data is used insecurely within a file system operation. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file.
Details
This vulnerability can be trigger via de fileFileName URL parameter of the /device-discovery/devicesource/downloadSeedFile page. An authenticated attacker can supply path traversal sequences to break out of the intended download directory and read files elsewhere on the file system. This allows the attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
The following URL can be used to demonstrate this issue:
http://<target>:58080/device-discovery/devicesource/downloadSeedFile?fileFileName=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\System32\drivers\etc\hostsReferences
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
- http://seclists.org/fulldisclosure/2015/Mar/116
- http://www.securityfocus.com/archive/1/534929/100/0/threaded
- http://www.securityfocus.com/bid/72255
- http://www.securitytracker.com/id/1031567
- https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html
- http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html
- http://seclists.org/fulldisclosure/2015/Mar/116
- http://www.securityfocus.com/archive/1/534929/100/0/threaded
- http://www.securityfocus.com/bid/72255
- http://www.securitytracker.com/id/1031567
- https://www.securify.nl/advisory/SFY20141105/path_traversal_vulnerability_in_emc_m_r__watch4net__mib_browser.html
CWEs
CWE-22
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.