CVE-2014-9614
published 2020-02-19


Priority: P1 84
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 66.64% (99.2th percentile)
The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.

Affected

1 range

Vendor       Product      Version range   Fixed in
netsweeper   netsweeper   < 4.0.5         4.0.5

Detection & IOCs (extracted from sources)

url: /webadmin/auth/verification.php
path: /webadmin/
command: login=branding&password=branding&Submit=Login
cookie: Set-Cookie: webadminU=
  • Successful authentication is indicated by an HTTP 302 redirect with Location header pointing to '../common/' or '../start/'
  • Successful login also sets a 'webadminU' session cookie in the response header
  • Monitor POST requests to /webadmin/auth/verification.php with the default credential body 'login=branding&password=branding'
  • Default credentials (username: branding, password: branding) are hardcoded for the branding account in Netsweeper Web Panel versions before 4.0.5
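
The monitoring rules in the list above, written as an added Python example (not code from this page or from Netsweeper). It assumes HTTP transactions are available as records with the hypothetical field names `src`, `method`, `url`, `body`, `status` and `resp_headers`; the sample records are constructed.

```python
from urllib.parse import parse_qs, urlsplit

LOGIN_PATH = "/webadmin/auth/verification.php"   # URL from the IOC list
SUCCESS_LOCATIONS = ("../common/", "../start/")  # redirect targets on success

def classify(txn):
    """Return 'success', 'attempt' or None for one HTTP transaction record."""
    if txn["method"].upper() != "POST" or urlsplit(txn["url"]).path != LOGIN_PATH:
        return None
    # parse_qs decodes percent-encoding and ignores parameter order, so
    # "password=%62randing&login=branding" is matched as well.
    form = parse_qs(txn.get("body", ""))
    if form.get("login") != ["branding"] or form.get("password") != ["branding"]:
        return None
    headers = {k.lower(): v for k, v in txn.get("resp_headers", {}).items()}
    redirected = (txn.get("status") == 302
                  and headers.get("location", "").startswith(SUCCESS_LOCATIONS))
    cookie_set = headers.get("set-cookie", "").startswith("webadminU=")
    return "success" if redirected or cookie_set else "attempt"

def scan(records):
    """Return (source address, verdict) for every record that matches."""
    hits = []
    for txn in records:
        verdict = classify(txn)
        if verdict:
            hits.append((txn["src"], verdict))
    return hits

# Constructed sample records (documentation address ranges, made-up cookie value).
SAMPLE = [
    {"src": "192.0.2.10", "method": "POST", "url": LOGIN_PATH,
     "body": "login=branding&password=branding&Submit=Login", "status": 302,
     "resp_headers": {"Location": "../common/",
                      "Set-Cookie": "webadminU=constructed-value; path=/"}},
    {"src": "198.51.100.7", "method": "POST", "url": LOGIN_PATH,
     "body": "password=%62randing&login=branding", "status": 200,
     "resp_headers": {}},
    {"src": "192.0.2.44", "method": "POST", "url": LOGIN_PATH,
     "body": "login=admin&password=example", "status": 302,
     "resp_headers": {"Location": "../start/"}},
    {"src": "192.0.2.45", "method": "GET", "url": "/webadmin/",
     "body": "", "status": 200, "resp_headers": {}},
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE):
        print(src, verdict)
```

A "success" verdict means the branding account still has its default password on that host; an "attempt" verdict shows the default pair was tried without the success indicators appearing in the response.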

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P