1.0.2

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

novell

CWE-399

metasploit

NVD

Published: 2011-07-17

Updated: 2018-10-09

Summary

NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell File Reporter 1.0.1 Novell File Reporter 1.0.1.1 Novell File Reporter 1.0.2	3

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Metasploit

description	NFRAgent.exe in Novell File Reporter allows remote attackers to delete arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1) on Windows platforms.
id	MSF:AUXILIARY/ADMIN/HTTP/NOVELL_FILE_REPORTER_FILEDELETE
last seen	2019-12-28
modified	2017-07-24
published	2012-09-13
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2750 http://aluigi.org/adv/nfr_2-adv.txt
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb
title	Novell File Reporter Agent Arbitrary File Delete

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Metasploit

References