SecurityWeek

Application Security

Serious Vulnerabilities Found in Riverbed SteelCentral Portal

Researchers at vulnerability management services provider Digital Defense have identified four security holes in Riverbed SteelCentral, a popular application and network performance monitoring product.


The flaws affect the SteelCentral Portal application and they can be exploited by unauthenticated attackers for remote command execution and to obtain user information. The vulnerabilities were reported to Riverbed Technology in January and they were later patched by the vendor.

According to Digital Defense, there are two remote command execution vulnerabilities that can be exploited to take full control of the host running the SteelCentral Portal application, and from there hijack all connected data sources using administrator credentials.

One of the flaws, related to the UploadImageServlet function, can be exploited to upload arbitrary files to a directory that is remotely accessible. An attacker can upload a JavaServer Page (JSP) shell that allows execution of arbitrary commands with SYSTEM privileges.

The second RCE weakness is related to the H2 web console, a service that can be accessed remotely without authentication. In its advisory, Digital Defense said the H2 console is designed for access during development, but it’s still present in the default installation of the SteelCentral Portal.

Researchers determined that the console can be used to access the Portal’s PostgreSQL database – this database normally doesn’t allow remote connections, but the H2 console bypasses the restriction by connecting from localhost.

“Once connected to the PostgreSQL database, an attacker can create a new table; insert the file content for a JSP shell into the table, then export the table contents to a file in the root directory of the web application. An attacker can then gain access to a web shell without authentication, and run arbitrary commands with SYSTEM privileges,” Digital Defense said in its advisory.
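Both command-execution paths described above end with a JSP file written into a directory the web application serves. The following is an added example, not code from Riverbed, Digital Defense or the original article: a Python audit that flags any file in an image-upload directory that has a server-executable extension or is not the image its extension claims. The directory layout, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

EXECUTABLE_EXTS = {".jsp", ".jspx"}  # run by servlet containers (assumed list)
# Leading bytes of the image types an image-upload directory should contain.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Windows drops trailing dots and spaces, so "x.jsp." is "x.jsp".
            ext = os.path.splitext(name.rstrip(". "))[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(16)
            if ext in EXECUTABLE_EXTS:
                reason = "server-executable extension"
            elif ext not in IMAGE_MAGIC:
                reason = "unexpected file type"
            elif not head.startswith(IMAGE_MAGIC[ext]):
                reason = "content does not match image type"
            else:
                continue
            findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

def build_sample(root):
    samples = {  # constructed sample files: one valid PNG header, three suspects
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "banner.gif": b"<%-- constructed placeholder, not an image --%>",
        "Report.JSP": b"<%-- constructed placeholder --%>",
        os.path.join("cache", "notes.txt"): b"plain text",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_upload_dir(tmp), sep="\n")
```

Pointed at the real upload and web root directories of a deployment, the same function can run on a schedule, with findings compared against file creation times and web access logs.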

Experts have also identified two information disclosure flaws that can be exploited by unauthenticated attackers to enumerate usernames. Once the usernames are obtained, a hacker can launch a brute-force attack against the SteelCentral Portal interface.


Researchers managed to exploit the vulnerabilities in versions 1.3.1 and 1.4.0. Riverbed customers can obtain information on the patches through the company’s support portal.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
