cbcvebase.
CVE-2015-2997
published 2015-06-08

CVE-2015-2997: SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as…

PriorityP335medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
57.20%
98.9th percentile
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.

Affected

1 ranges
VendorProductVersion rangeFixed in
sysaidsysaid<= 15.1

Detection & IOCsextracted from sources · hover to see the quote

urlgetAgentLogFile
  • Detect requests to the 'getAgentLogFile' endpoint with an invalid or oversized 'accountid' parameter value (e.g., a large directory traversal sequence such as '../../..') — this is the information disclosure trigger for CVE-2015-2997.
  • CVE-2015-2997 is chained with CVE-2015-2996 (directory traversal file download) in exploitation; monitor for sequential unauthenticated requests first to 'getAgentLogFile' (path disclosure) followed by a traversal-based file download request.
  • The exploit chain works against unauthenticated users; flag any unauthenticated HTTP requests to SysAid endpoints 'getAgentLogFile' with anomalous 'accountid' parameter values.
  • ·The information disclosure vulnerability (CVE-2015-2997) does not work on Windows platforms — path disclosure via error message only occurs on Linux deployments.
  • ·On Windows, the subsequent directory traversal (CVE-2015-2996) is limited to the current drive; files on a different drive letter cannot be retrieved.
  • ·Affected versions are SysAid Help Desk before 15.2; the Metasploit module was tested specifically against SysAid 14.4 on both Windows and Linux.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.