BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.
According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide organizations with the insight to battle-test IT infrastructures, train cyber warriors, tune systems and policies, and transform security processes to be proactive and effective.. BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.
An attacker may be able to gather sensitive configuration information including account credentials, session authentication tokens, test configurations, and test results of the BreakingPoint Systems Storm CTM device. It is also possible that an unauthenticated remote attacker may be able to retrieve a diagnostic report of the BreakingPoint Systems Storm CTM configuration which contains detailed system configuration information as well as account names and email addresses of authorized users.
Thanks to Jeff Jarmoc of Dell SecureWorks for reporting this vulnerability.