CVE-2014-2347
Published 2014-05-06
CVE-2014-2347: Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a…
Priority: P4 · 18 · low · 3.5 (CVSS 2.0)
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
EXPLOIT
EPSS: 2.42% (82.1th percentile)
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amtelco | misecuremessages | — | — |
GHSA
GHSA-phxp-3wwr-wjfr: Amtelco miSecureMessages (aka MSM) 6
ghsa_unreviewed·2022-05-17
CVE-2014-2347 [LOW] CWE-200 GHSA-phxp-3wwr-wjfr: Amtelco miSecureMessages (aka MSM) 6
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
CISA ICS
AMTELCO miSecure Vulnerabilities
cisa_ics·2014-05-01
ICS Advisory
Last Revised: May 01, 2014
Alert Code: ICSA-14-121-01
## OVERVIEW
Researcher Jared Bird of Allina Health reported multiple vulnerabilities in the AMTELCO miSecureMessage (MSM) medical messaging system. AMTELCO has an update available to all customers that mitigates the vulnerabilities. The vulnerabilities were discovered during cooperative testing between Allina Health and AMTELCO. This issue was separately reported to CERT/CC, which posted a notification on April 11, 2014, available here:
http://www.kb.cert.org/vuls/id/251628
These vulnerabilities
No detection rules found.
Exploit-DB
miSecureMessages 4.0.1 - Session Management / Authentication Bypass
exploitdb·2014-04-25
CVE-2014-2347 miSecureMessages 4.0.1 - Session Management / Authentication Bypass
---
Affected Product
miSecureMessages from Amtelco - Tested on version: Client=4.0.1
Server=6.2.4552.30017
iOS: https://itunes.apple.com/us/app/misecuremessages/id423957478?mt=8
android: https://play.google.com/store/apps/details?id=com.amtelco.secure
website: https://misecuremessages.com/
Product Description
miSecureMessages is a secure, two-way instant smartphone and tablet
messaging Android™ App that uses encryption to keep your messages private.
Messages can be sent securely from device to device, and by using the
secure cloud-based or on-site directory solution. When you receive a
message from miSecureMessages, a Persistent Alert notifies you until you
acknowledge the message. You can view the message, and quickly
Exploit-DB
HP Data Protector - 'EXEC_BAR' Remote Command Execution
exploitdb·2014-02-16·CVSS 10.0
CVE-2013-2347 [CRITICAL] HP Data Protector - 'EXEC_BAR' Remote Command Execution
---
import argparse
import socket
"""
Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution
Exploit Author: Chris Graham @cgrahamseven
CVE: CVE-2013-2347
Date: February 14, 2014
Vendor Homepage: www.hp.com
Version: 6.10, 6.11, 6.20
Tested On: Windows Server 2003, Windows Server 2008 R2
References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422
http://www.zerodayinitiative.com/advisories/ZDI-14-008/
Details:
The omniinet service, which runs by default on port 5555, is susceptible
to numerous remotely exploitable vulnerabilities. By sending a malicious
EXEC_BAR packet (opcode 11), a remote attacker can force the omniinet
service to run an arbitrary command. On Windows, the omnii
No writeups or analysis indexed.