Sysadmins of corporate networks, patch now or else!

Dec 16, 2015 22:20 GMT  ·  By

Security researchers have found six vulnerabilities in the products of four vendors of NMSs (Network Management Systems): four cross-site scripting (XSS) and two SQL injection (SQLi) flaws.

Network Management Systems are software applications used generally by system or network administrators, as a way to query, centralize and manage information about devices and assets connected to a specific network.

NMSs work with data collected via SNMP (Simple Network Management Protocol), but do so through user-friendly UIs, usually coded as desktop applications or self-hosted Web portals.

According to Rapid7's Deral Heiland and independent security researcher Matthew Kienow, four such NMSs are vulnerable to attacks from malicious actors, who can gain access to the applications and use them to carry out further attacks.

Since NMSs are whitelisted in most security products, attackers who manage to compromise such systems have a higher chance of carrying out successful attacks on a company's internal network than they would when coming from an outside source.

Four XSS and 2 SQLi vulnerabilities

The affected vendors are Spiceworks (XSS), Opsview (XSS), Ipswitch (XSS+SQLi), and Castle Rock Computing (XSS+SQLi). With the exception of Castle Rock Computing, all the other vendors have created and deployed patches for all affected products.

While the XSS flaws lead to attackers getting hold of user session information, which can be used to get access to the management interface itself, the SQL injection bugs allow attackers access to the underlying database.

From here, stealing information about all connected devices is much easier and faster, and depending on the version of the database and how the database was set up, attackers can also escalate privileges over the server itself.

Below is a table of the vulnerabilities.  

| Affected software*** | CVE Identifier | Class | Vendor | Patch Status |
|---|---|---|---|---|
| Spiceworks Desktop, versions 7.3.00065, 7.3.00076, 7.3.00076 | CVE-2015-6021 | XSS | Spiceworks | Patched December 01, 2015 |
| Ipswitch's WhatsUpGold, versions 16.2.6, 16.3.1 | CVE-2015-6004 | XSS | Ipswitch | Expected December 16, 2015 |
| Ipswitch's WhatsUpGold, versions 16.2.6, 16.3.1 | CVE-2015-6005 | SQLi | Ipswitch | Expected December 16, 2015 |
| Castle Rock Computing SNMPc Enterprise Version 9, and Castle Rock Computing SNMPc OnLine Version 12.1 | CVE-2015-6027 | XSS | Castle Rock Computing | Unknown |
| Castle Rock Computing SNMPc Enterprise version 9, and Castle Rock Computing SNMPc OnLine version 12.1 | CVE-2015-6028 | SQLi | Castle Rock Computing | Unknown |
| Opsview version 4.6.3 | CVE-2015-6035 | XSS | Opsview | Patched November 06, 2015 |

*** Some earlier versions of the listed software may also be vulnerable, but were not tested.
