Test ID:	1.3.6.1.4.1.25623.1.0.108006
Category:	Web application abuses
Title:	Twonky Server < 7.2.11, 8.x < 8.1.2 Writing of Arbitrary Files Vulnerability
Summary:	Twonky Server is prone to a vulnerability which permits attackers with access to the local network; in which Twonky Server runs, to write arbitrary files on the host running the Twonky Server. It can be used to replace existing or; create new files on the file system, as accessible by the user under which user ID Twonky Server runs (which can be root).
Description:	Summary: Twonky Server is prone to a vulnerability which permits attackers with access to the local network in which Twonky Server runs, to write arbitrary files on the host running the Twonky Server. It can be used to replace existing or create new files on the file system, as accessible by the user under which user ID Twonky Server runs (which can be root). Vulnerability Impact: As this vulnerability can be used to overwrite and replace arbitrary files, this vulnerability can be used to gain control of the target system by overwriting system files or can create a denial of service attack by overwriting system critical files. Affected Software/OS: All systems running Twonky Server versions 7.0.x, 8.0 and 8.1 with enabled NMC web API or web API. Solution: Update your Twonky Server to a not vulnerable version 7.2.11/8.1.2 Mitigation: Add the following configuration options to the Twonky Server configuration file: enablenmcwebapi=0 enableweb=0 This will block access to the incriminated function. NOTE: Setting 'enableweb' to '0' will completely disable HTTP web access to Twonky Server! CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6505
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.