Eaton MGE OPS Network Shutdown Module Authentication Bypass Vulnerability and Code Execution

Summary

EATON MGE Office Protection Systems designs and manufactures secured power products and solutions for enterprises, small businesses and homes. The Network Shutdown Module continuously waits for information from the Management Proxy or Management Card connected to the EATON UPS, warns administrators and users if AC power fails, and performs a graceful system shutdown before the battery backup power is exhausted.

Remote exploitation of an authentication bypass vulnerability in Eaton MGE OPS Network Shutdown Module could allow an attacker to execute arbitrary code.

In detail, the following flaws were determined:
– Custom actions can be added through the MGE frontend without authentication (pane_actionbutton.php)
– Actions can be executed ("tested") without authentication (exec_action.php)
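As an added example (not part of the advisory and not vendor code), the following Python script picks out requests to the two unauthenticated scripts named above from web access logs, so an administrator of an unpatched 3.10 installation can review which clients added or executed actions. It assumes the NSM frontend or a proxy in front of it writes Apache/nginx combined-format access logs; the sample log lines are constructed.

```python
import re
from typing import Dict, List, Optional

# The two frontend scripts the advisory names as reachable without authentication
# in Network Shutdown Module releases before 3.10 build 13.
NSM_ACTION_ENDPOINTS = ("pane_actionbutton.php", "exec_action.php")

# Assumption: the NSM web frontend, or a reverse proxy in front of it, writes
# Apache/nginx "combined"-style access logs.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3}) (?P<size>\S+)'
)

def parse_access_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one combined-format access log line; None if it does not match."""
    m = _LOG_RE.match(line)
    return m.groupdict() if m else None

def find_action_endpoint_requests(lines: List[str]) -> List[Dict[str, str]]:
    """Return every request to pane_actionbutton.php or exec_action.php; on an
    unpatched host each hit must be matched against known admin activity, since
    nothing else stops an unauthenticated client from adding and running an action."""
    hits = []
    for line in lines:
        rec = parse_access_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]   # drop the query string
        script = path.rsplit("/", 1)[-1]      # basename of the request path
        if script in NSM_ACTION_ENDPOINTS:
            rec["endpoint"] = script
            hits.append(rec)
    return hits

def summarize_by_client(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group flagged requests by client IP: {ip: [endpoint, ...]} in log order."""
    per_ip: Dict[str, List[str]] = {}
    for h in hits:
        per_ip.setdefault(h["ip"], []).append(h["endpoint"])
    return per_ip

# Constructed sample log lines (not real traffic): one client adds an action and
# then executes it; another only loads the start page; one line is malformed.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Oct/2008:10:01:12 +0100] "GET /index.php HTTP/1.1" 200 1532',
    '192.0.2.55 - - [27/Oct/2008:10:02:03 +0100] "POST /pane_actionbutton.php HTTP/1.1" 200 418',
    '192.0.2.55 - - [27/Oct/2008:10:02:05 +0100] "GET /exec_action.php?id=7 HTTP/1.1" 200 77',
    'not a log line',
]
```

Run `summarize_by_client(find_action_endpoint_requests(SAMPLE_LOG))` to get the per-client list of flagged scripts; any client that is not a known administrator warrants inspection of the actions stored on the host.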

Credit:

The information has been provided by n.runs AG.

Details

Vulnerable Systems:
 * Network Shutdown Module version 3.10

Immune Systems:
 * Network Shutdown Module version 3.10 build 13

Impact:
This problem can lead to a remote file execution vulnerability. It can allow an attacker to add and execute custom actions. The commands to be executed are included within the added action.

The vulnerability is present in MGE Network Shutdown Module software versions prior to 3.10 build 13.

Solution:
EATON MGE Office Protection Systems has issued an update to correct this vulnerability. A new version of the software (version 3.20) can be found at: http://download.mgeops.com/explore/eng/network/net_sol.htm

Vendor communication:
2008/08/13 – initial notification sent to EATON MGE Office Protection Systems (MGEOPS)
2008/08/20 – second notification sent to MGEOPS
2008/08/20 – MGEOPS confirms receipt of the information
2008/08/25 – patch proposal received from MGEOPS
2008/08/29 – patch confirmed as correct; release date requested
2008/09/02 – awaiting feedback regarding the release date of the patch
2008/09/18 – patch and new version undergoing the MGEOPS QA process; no release date known yet
2008/10/07 – another request regarding the release date
2008/10/21 – MGEOPS informs n.runs AG about the release of the new software version
2008/10/27 – n.runs AG releases this advisory
