Ncomputing vSpace Pro v10 Directory Traversal Vulnerability – Proof of Concept (cve-2018-10201)
iSpeech.org
CVE-2018-10201
Ncomputing vSpace Pro Directory Traversal Vulnerability
[Description]
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with …/ or … or …./ or …. as a directory-traversal pattern to TCP port 8667. An attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, which could provide the attacker with more information required to further compromise the system.
[Vulnerability Type]
Directory Traversal
[Vendor of Product]
NComputing
[Affected Product Code Base]
vSpace – Pro 10 vSpace – Pro 11
[Affected Component]
NcMonitorServer.exe TCP 8667
NC Monitor Server: Health monitoring agents connect to it to provide collected data
[Attack Type]
Remote
[Impact Information Disclosure]
True
[Discoverer]
Javier Bernardo – Kwell.net
email: javier@kwell.net
Anonymous leak email and passwords of Baltimore Police Officials involved in Freddie Gray’s death
https://nvd.nist.gov/vuln/detail/CVE-2018-10201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10201
Likes: 0
Viewed:
source
Gloss