search menu icon-carat-right cmu-wordmark

CERT Coordination Center

BreakingPoint Systems Storm CTM information disclosure vulnerabilities

Vulnerability Note VU#520430

Original Release Date: 2012-08-02 | Last Revised: 2012-08-02

Overview

BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

Description

According to BreakingPoint's website, the BreakingPoint Storm creates real-world, high-stress conditions and user behavior to provide organizations with the insight to battle-test IT infrastructures, train cyber warriors, tune systems and policies, and transform security processes to be proactive and effective.. BreakingPoint Systems Storm CTM contains two vulnerabilities which could allow an attacker access to sensitive configuration information.

    • CVE-2012-2963: The BreakingPoint Systems Control Center GUI and administrative clients communicate in plaintext. All information exchanged between client and server, including the username and password, are sent in plain text XML transfers over tcp/8880. For additional information see Dell SecureWorks security advisory SWRX-2012-005.
    • CVE-2012-2964: The BreakingPoint Systems Storm CTM administrative interface does not properly check for authorization. User-controllable requests supplied to the ‘/gwt/BugReport’ script of the embedded web server are not properly checked for authorization. An unauthenticated remote attacker can leverage this issue to retrieve a diagnostic report of the system’s configuration. This report, delivered as a .tgz archive, includes sensitive information, including system logs, test results, and detailed system configuration information as well as account names and email addresses of authorized users. For additional information see Dell SecureWorks security advisory SWRX-2012-006.

Impact

An attacker may be able to gather sensitive configuration information including account credentials, session authentication tokens, test configurations, and test results of the BreakingPoint Systems Storm CTM device. It is also possible that an unauthenticated remote attacker may be able to retrieve a diagnostic report of the BreakingPoint Systems Storm CTM configuration which contains detailed system configuration information as well as account names and email addresses of authorized users.

Solution

Update
The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing a BreakingPoint Systems Storm CTM appliance using stolen credentials from a blocked network location.

Vendor Information

520430
 
Affected   Unknown   Unaffected

BreakingPoint Systems Inc

Notified:  April 26, 2011 Updated:  August 02, 2012

Status

  Affected

Vendor Statement

The vendor has stated that these vulnerabilities will be resolved in BreakingPoint Systems Storm CTM version 3.0. Users are advised to update to BreakingPoint Systems Storm CTM version 3.0 or higher, when it is available.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
Temporal 3.6 E:U/RL:W/RC:UC
Environmental 1.1 CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Thanks to Jeff Jarmoc of Dell SecureWorks for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-2963, CVE-2012-2964
Date Public: 2012-08-01
Date First Published: 2012-08-02
Date Last Updated: 2012-08-02 11:23 UTC
Document Revision: 38

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.