Skip to content

Instantly share code, notes, and snippets.

@med0x2e
Last active December 15, 2017 20:44
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save med0x2e/439e92419c552b5dc82b2f5e832c8bfb to your computer and use it in GitHub Desktop.
CVE-2017-11463
[Suggested description]
In LANDESK Management Suite 2016.4 and 2017.x, an Unrestricted
Direct Object Reference leads to referencing/updating objects
belonging to other users. In other words, a normal user
can send requests to a specific URI with the
target user's username in an HTTP payload in order to retrieve a
key/token and use it to access/update objects belonging to other
users. Such objects could be user profiles, tickets, incidents, etc.
------------------------------------------
[Additional Information]
Any authenticated user may take advantage of such insecure permission
issue to access and update objects belonging to other users, such
objects are and not limited to users' profiles, tickets, and incidents
..etc.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
Landesk
------------------------------------------
[Affected Product Code Base]
LANDESK Management Suite - 2016.4, 2017.x
------------------------------------------
[Affected Component]
LANDESK Management suite objects such as user profiles, users' tickets and incidents and other possible objects.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
Updating other users profiles, Updating other users submitted tickets, incidents
------------------------------------------
[Discoverer]
Elazaar Mohamed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment