CVE-2019-6716

Published: 21/03/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.4 | Impact Score: 5.5 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint Access Manager 2013 through 2017 allows a remote malicious user to enumerate internal Active Directory usernames and group names, and alter back-end server jobs (backup and synchronization jobs), which could allow for the possibility of a Denial of Service attack via a modified jobId parameter in a runJob.html GET request.

Vulnerable Products

- logonbox nervepoint access manager 1.2
- logonbox nervepoint access manager 1.3
- logonbox nervepoint access manager 1.4

Github Repositories

PoCs: PoCs for most of the zero days that I've discovered:

- CVE-2019-6716 - No - Unauthenticated IDOR
- CVE-2019-7751 - Yes - Directory Traversal & LFI
- CVE-2019-8385 - Yes - Directory Traversal & LFI