CVE-2014-8270
Published 2014-12-12
Priority: P3 · 50 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 20.08% (97.1th percentile)
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bmc | track-it_! | — | — |
Detection & IOCs
- Monitor for unauthenticated password reset requests targeting the BMC Track-It! 11.3 password reset service endpoint, particularly those targeting accounts matching local system or domain administrator account names.
- Alert on creation of new accounts whose names match existing local system or domain administrator accounts in environments running BMC Track-It!, as this is a prerequisite step in the exploitation chain.
- The Metasploit auxiliary module `scanner/http/bmc_trackit_passwd_reset` can be used to validate exposure; detect its HTTP request patterns (unauthenticated password reset calls) in web/proxy logs as a network-based indicator of active exploitation attempts.
- Risk is significantly elevated when the password reset service is configured to run under a domain administrator account, which is noted as the recommended/default configuration — this allows domain-level credential compromise.
References
- http://support.numarasoftware.com/support/articles.asp?how=%20AND%20&mode=detail&kcriteria=7508&ID=7654
- http://www.zerodayinitiative.com/advisories/ZDI-14-419/