CVE-2015-2998
published 2015-06-08CVE-2015-2998: SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by…
PriorityP342medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
26.35%
97.7th percentile
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sysaid | sysaid | <= 15.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unauthenticated HTTP requests attempting to download WEB-INF/conf/serverConf.xml from SysAid Help Desk installations, which may indicate exploitation of the arbitrary file download vulnerability. ↗
- →Alert on access to serverConf.xml via web-facing SysAid endpoints; the file contains database credentials encrypted with a hardcoded, publicly known key, making any exfiltration immediately actionable by an attacker. ↗
- ·Vulnerability affects SysAid Help Desk versions before 15.2; exploitation has been confirmed on SysAid 14.4 on both Windows and Linux platforms. ↗
- ·The Metasploit module targets SysAid 14.4 on Windows and Linux; detection rules and hunting queries should be scoped to these platforms and version range. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
SysAid Help Desk 14.4 - Multiple Vulnerabilities
exploitdb·2015-06-10·CVSS 7.5
CVE-2015-3001 [HIGH] SysAid Help Desk 14.4 - Multiple Vulnerabilities
SysAid Help Desk 14.4 - Multiple Vulnerabilities
---
>> Multiple vulnerabilities in SysAid Help Desk 14.4
>> Discovered by Pedro Ribeiro ([email protected]), Agile Information Security
Disclosure: 03/06/2015 / Last updated: 10/06/2015
>> Background on the affected product:
"SysAid is an ITSM solution that offers all the essentials, with everything you need for easy and efficient IT support and effective help desk operations. Its rich set of features includes a powerful service desk, asset management and discovery, self-service, and easy-to-use tools for understanding and optimizing IT performance."
Metasploit modules that exploit #1, #2, #3, #4, #5 and #6 have been released and should be integrated in the Metasploit framework soon.
All vulnerabilities affect both the Windows and Linux v
Metasploit
SysAid Help Desk Database Credentials Disclosure
metasploit
SysAid Help Desk Database Credentials Disclosure
SysAid Help Desk Database Credentials Disclosure
This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. This is used to download the server configuration file that contains the database username and password, which is encrypted with a fixed, known key. This module has been tested with SysAid 14.4 on Windows and Linux.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Jun/8http://www.securityfocus.com/archive/1/535679/100/0/threadedhttp://www.securityfocus.com/bid/75035https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-deskhttp://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Jun/8http://www.securityfocus.com/archive/1/535679/100/0/threadedhttp://www.securityfocus.com/bid/75035https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
2015-06-08
Published