CVE-2014-5445
published 2014-12-04CVE-2014-5445: Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote…
PriorityP354medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
98.17%
99.9th percentile
Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allow remote attackers or remote authenticated users to read arbitrary files via a full pathname in the schFilePath parameter to the (1) CSVServlet or (2) CReportPDFServlet servlet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_it360 | — | — |
| zohocorp | manageengine_netflow_analyzer | 8.6 – 10.2 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP GET requests to /netflow/servlet/CSVServlet or /netflow/servlet/CReportPDFServlet containing a 'schFilePath' parameter with an absolute path (e.g. starting with '/' or a Windows drive letter like 'C:\') — this is the exploitation pattern for CVE-2014-5445. ↗
- →The vulnerability is unauthenticated in NetFlow Analyzer, so any unauthenticated request to the affected servlets with a schFilePath parameter should be treated as highly suspicious. ↗
- →A Metasploit auxiliary module (auxiliary/admin/http/netflow_file_download) exists for this vulnerability; look for its characteristic HTTP request patterns against the CSVServlet endpoint. ↗
- →When targeting Windows hosts, attackers must escape backslashes in the path parameter (e.g. C:\\boot.ini); detect double-backslash sequences in the schFilePath query parameter value. ↗
- ·Affected versions are NetFlow Analyzer 8.6 through 10.2 and IT360 10.3; version 10.2 was confirmed still vulnerable after a supposed fix release. ↗
- ·No official patch was available at time of disclosure (105 days after initial report); verify patch status before assuming remediation. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
exploitdb·2014-12-03·CVSS 5.0
CVE-2014-5446 [MEDIUM] ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
ManageEngine Netflow Analyzer / IT360 - Arbitrary File Download
---
>> Arbitrary file download in ManageEngine Netflow Analyzer and IT360
>> Discovered by Pedro Ribeiro ([email protected]), Agile Information Security
Disclosure: 30/11/2014 / Last updated: 3/12/2014
>> Background on the affected product:
"NetFlow Analyzer, a complete traffic analytics tool, leverages flow technologies to provide real time visibility into the network bandwidth performance. NetFlow Analyzer, primarily a bandwidth monitoring tool, has been optimizing thousands of networks across the World by giving holistic view about their network bandwidth and traffic patterns. NetFlow Analyzer is a unified solution that collects, analyzes and reports about what your network bandwidth is being used for and by whom."
"Mana
Metasploit
ManageEngine NetFlow Analyzer Arbitrary File Download
metasploit
ManageEngine NetFlow Analyzer Arbitrary File Download
ManageEngine NetFlow Analyzer Arbitrary File Download
This module exploits an arbitrary file download vulnerability in CSVServlet on ManageEngine NetFlow Analyzer. This module has been tested on both Windows and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you must escape the backslash with a backslash.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.htmlhttp://seclists.org/fulldisclosure/2014/Dec/9http://www.securityfocus.com/archive/1/534122/100/0/threadedhttp://www.securityfocus.com/archive/1/534141/100/0/threadedhttp://www.securityfocus.com/bid/71404https://exchange.xforce.ibmcloud.com/vulnerabilities/99045https://github.com/rapid7/metasploit-framework/pull/4282https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txthttps://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-downloadhttp://packetstormsecurity.com/files/129336/ManageEngine-Netflow-Analyzer-IT360-File-Download.htmlhttp://seclists.org/fulldisclosure/2014/Dec/9http://www.securityfocus.com/archive/1/534122/100/0/threadedhttp://www.securityfocus.com/archive/1/534141/100/0/threadedhttp://www.securityfocus.com/bid/71404https://exchange.xforce.ibmcloud.com/vulnerabilities/99045https://github.com/rapid7/metasploit-framework/pull/4282https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_netflow_it360_file_dl.txthttps://support.zoho.com/portal/manageengine/helpcenter/articles/cve-2014-5445-cve-2014-5446-fix-for-arbitrary-file-download
2014-12-04
Published