Description:
|
Template Security has discovered a serious user input validation vulnerability in the BlueCat Networks Proteus IPAM appliance. Proteus can be used to upload files to managed Adonis appliances to be downloadable by TFTP from the appliance. A Proteus administrator with privilege to add TFTP files and perform TFTP deployments can overwrite existing files and create new files as root on the Adonis DNS/DHCP appliance. This can be used for example to overwrite the system password database and change the root account password. Exploitation details provided. E
|