Test ID:	1.3.6.1.4.1.25623.1.0.105067
Category:	Web application abuses
Title:	VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
Summary:	VMTurbo Operations Manager is prone to a remote command; execution (RCE) vulnerability.
Description:	Summary: VMTurbo Operations Manager is prone to a remote command execution (RCE) vulnerability. Vulnerability Insight: Input passed via the 'fileDate' GET parameter to /cgi-bin/vmtadmin.cgi (when 'callType' is set to 'DOWN' and 'actionType' is set to 'GETBRAND', 'GETINTEGRATE', 'FULLBACKUP', 'CFGBACKUP', 'EXPORTBACKUP', 'EXPERTDIAGS', or 'EXPORTDIAGS') is not properly sanitised before being used to execute commands. This can be exploited to inject and execute arbitrary shell commands with privileges of the 'wwwrun' user. Vulnerability Impact: An attacker may leverage this issue to execute arbitrary OS commands in the context of the affected application. Affected Software/OS: VMTurbo Operations Manager 4.6 and prior are vulnerable. Solution: Update to VMTurbo Operations Manager >= 4.6-28657. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5073 BugTraq ID: 69225 http://www.securityfocus.com/bid/69225 http://www.exploit-db.com/exploits/34335 http://disse.cting.org/2014/07/30/vmturbo-operation-manager-remote-command-execution/ http://packetstormsecurity.com/files/127864/VMTurbo-Operations-Manager-4.6-vmtadmin.cgi-Remote-Command-Execution.html http://secunia.com/secunia_research/2014-8/ http://www.osvdb.org/109572 http://secunia.com/advisories/58880 XForce ISS Database: vmturbo-cve20145073-cmd-exec(95319) https://exchange.xforce.ibmcloud.com/vulnerabilities/95319
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.