CVE-2015-8284
Published 2017-04-13
CVE-2015-8284: SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
Priority: P2 · 60 · high · 8.8 (CVSS 3.0)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.18% (89.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| seawell_networks | spectrum_sdc | — | — |
Detection & IOCs (extracted from sources)
url: /system_manage.php?username=viewer&password=viewer&password=viewer&userlevel=1&action=add_user&ekey=&LActiveRow=
url: /system_manage.php?username=viewer1&password=viewer&password=viewer&userlevel=9&action=add_user&ekey=&LActiveRow=
url: /system_manage.php?username=viewer1&password=&password=&userlevel=9&action=delete_user&ekey=4&LActiveRow=sys_Luser_4
url: /system_manage.php?username=system&password=&password=&userlevel=9&action=delete_user&ekey=4&LActiveRow=sys_Luser_4
url: /system_manage.php?username=admin&password=admin1&password=admin1&userlevel=9&action=update_user&ekey=3&LActiveRow=sys_Luser_3
- Detect unauthenticated or low-privilege (viewer) access to system_manage.php with admin action parameters (action=add_user, action=delete_user, action=update_user) and userlevel=9 in the query string, indicating privilege escalation attempts.
- Alert on HTTP requests to configure_manage.php with action=download_config and a file parameter, especially containing path traversal sequences (e.g., ../), targeting sensitive files such as policy.xml, cookie_config.xml, or systemCfg.xml.
- Monitor for the response string '0Success1' from system_manage.php, which indicates a successful unauthorized administrative action was performed.
- Flag requests to system_manage.php where userlevel=9 is set by a non-admin session, as admin privilege level is denoted by userlevel=9 and viewer by userlevel=1.
- The affected version is specifically Spectrum SDC 02.05.00, Build 02.05.00.0016; detections should be scoped to this product version.
- The application uses default credentials (admin/admin) which may be present on unpatched deployments; detections for default credential login attempts are also relevant.
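CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |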
- http://packetstormsecurity.com/files/135311/SeaWell-Networks-Spectrum-SDC-02.05.00-Traversal-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2016/Jan/58
- https://www.exploit-db.com/exploits/39266/
Published: 2017-04-13