Vulnerabilities > CVE-2015-8368 - 7PK - Security Features vulnerability in Ntop Ntopng

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

ntop

CWE-254

exploit available

NVD

Published: 2015-12-17

Updated: 2015-12-18

Summary

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

Vulnerable Configurations

Part	Description	Count
Application	Ntop Ntop Ntopng 1.1 Ntop Ntopng 1.2.0 Ntop Ntopng 1.2.1 Ntop Ntopng 2.0.151021	4

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Exploit-Db

description	ntop-ng <= 2.0.151021 - Privilege Escalation. CVE-2015-8368. Webapps exploits for multiple platform
file	exploits/multiple/webapps/38836.txt
id	EDB-ID:38836
last seen	2016-02-04
modified	2015-12-01
platform	multiple
port
published	2015-12-01
reporter	Dolev Farhi
source	https://www.exploit-db.com/download/38836/
title	ntop-ng <= 2.0.151021 - Privilege Escalation
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/134593/ntopng20151021-escalate.txt
id	PACKETSTORM:134593
last seen	2016-12-05
published	2015-12-02
reporter	Dolev Farhi
source	https://packetstormsecurity.com/files/134593/ntop-ng-2.0.15102-Privilege-Escalation.html
title	ntop-ng 2.0.15102 Privilege Escalation

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References