NetSupport Manager Gateway HTTP Protocol Information Disclosure

medium Nessus Plugin ID 50546

Synopsis

The remote web server hosts an application that is affected by an information disclosure vulnerability.

Description

The NetSupport Manager Gateway installation on the remote host supports unencrypted communication with NetSupport Manager controls and clients. An attacker who can monitor traffic between NetSupport Manager controls, clients and the gateway may be able to obtain sensitive information about the client machine.

Solution

Upgrade to NetSupport Manager 11.00.0005 or later, and consider blocking communication with NetSupport Manager clients and controls that do not support encryption.

See Also

http://www.nessus.org/u?92cb9630

Plugin Details

Severity: Medium

ID: 50546

File Name: netsupport_gateway_info_disclosure.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 11/10/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:netsupportsoftware:netsupport_manager

Required KB Items: Services/netsupport-gateway

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 10/8/2010

Vulnerability Publication Date: 10/8/2010

Reference Information

CVE: CVE-2010-4184

BID: 44629

CERT: 465239

Secunia: 42104