CVE-2014-9618
published 2017-09-19

Priority: P1 (80)
Severity: critical
CVSS 3.0 base score: 9.8
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: yes
EPSS: 73.31% (99.4th percentile)

Description:
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

Affected: 12 ranges

Vendor      Product     Version range   Fixed in
netsweeper  netsweeper  <= 3.1.9

The remaining 11 ranges list vendor netsweeper and product netsweeper with no version range or fixed-in version given.

Detection & IOCs (extracted from sources)

url: /webadmin/clientlogin/?srid=&action=showdeny&url=
other: name=formtag action="../clientlogin/?srid=&action=showdeny&url="
  • Detect unauthenticated GET requests to the Netsweeper Client Filter Admin portal using the 'showdeny' action parameter, which bypasses authentication.
  • Match HTTP 200 responses to /webadmin/clientlogin/?srid=&action=showdeny&url= containing 'Netsweeper WebAdmin' and 'placeholder="Profile Manager">' in the body to confirm successful auth bypass.
  • The authentication bypass affects Netsweeper versions before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2. Patched versions will not be vulnerable to this specific request path.

CVSS provenance

Source  Version  Score  Severity  Vector
NVD     v3.0     9.8    CRITICAL  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD     v2.0     7.5    HIGH      AV:N/AC:L/Au:N/C:P/I:P/A:P