APC Management Vulnerability

2007.12.06

Credit: Gary Simat & Randy Kent

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-6226

CWE: CWE-287

CVSS Base Score: 7.1/10

Impact Subscore: 6.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

We have found a security exploit in the latest APC firmware versions for there switched rack PDU products. We have only tested this against the version listed below on a AP7932 0u 30amp PDU.
Name: rpdu
Version: v3.5.5
Date: 07/18/2007
Time: 11:38:29
Name: aos
Version: v3.5.6
Date: 07/18/2007
Time: 10:24:55
Date Reported to APC: 11-28-2007
Discovered by:
Gary Simat of Total Server Solutions LLC
Randy Kent of Sevaa Group Inc
Steps to reproduce:
1) login to the APC as a user from computer 1
2) Then attempt to login from another computer (we will call this computer 2), the User Name and Password will not be editable, so just click Log On. It will say someone is already logged in. leave this page up.
3) logout of computer 1
4) simply hit refresh on computer 2 and select to resend the headers. you will be logged in as the previously authenticated user.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

APC Management Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.