Vulnerability Note VU#251133

S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs

Original Release date: 24 Jun 2010 | Last revised: 09 Jul 2010

Overview

S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks.

Description

S2 NetBox is a line of "...open architecture, scalable, IP network-ready products for the physical security industry that integrate access control, alarm monitoring, video surveillance, and temperature monitoring." S2 Netbox systems are operated entirely via a web interface.

The Netbox web server does not properly authenticate access to several directories, allowing an unauthenticated attacker to access network node logs, employee photographs, and backup archives.

Linear (formerly IEI) eMerge is based on S2 Netbox, and Sonitrol eAccess is based on Linear eMerge. eMerge and eAccess may also be affected by this vulnerability.

Impact

An unauthenticated, remote attacker can access node logs, backups, and employee photographs. An attacker may be able to crack passwords contained in a backup and gain administrative control over the system. Node logs and employee photographs could provide an attacker with reconnaissance information.

Solution

Upgrade or patch
S2 Security has made patches or upgrades available to address this vulnerability for Netbox versions 2.5, 3.3, and 4.0. Please contact S2 or Linear customer support.


Restrict access

Restrict network access to S2 Netbox systems to trusted and authorized hosts and networks. Separate management networks from general purpose user networks. Do not allow access from untrusted networks such as the internet.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Linear LLCAffected-25 May 2010
S2 SecurityAffected23 Mar 201012 May 2010
SonitrolAffected-09 Jul 2010
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

These vulnerabilities were researched and reported by Shawn Merdinger. Thanks to S2 Security for information used in this document.

This document was written by Art Manion.

Other Information

  • CVE IDs: CVE-2010-2466
  • Date Public: 24 Jun 2010
  • Date First Published: 24 Jun 2010
  • Date Last Updated: 09 Jul 2010
  • Severity Metric: 2.63
  • Document Revision: 31

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.