CVE-2018-15657 - Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.31/6.34/6.35
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
D2sec
name | SureMDM File Disclosure |
url | http://www.d2sec.com/exploits/suremdm_file_disclosure.html |
Exploit-Db
file | exploits/windows/webapps/46305.txt |
id | EDB-ID:46305 |
last seen | 2019-02-01 |
modified | 2019-02-01 |
platform | windows |
port | 80 |
published | 2019-02-01 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46305 |
title | SureMDM < 2018-11 Patch - Local / Remote File Inclusion |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/151469/suremdm-lfirfi.txt |
id | PACKETSTORM:151469 |
last seen | 2019-02-02 |
published | 2019-02-02 |
reporter | Digital Interruption |
source | https://packetstormsecurity.com/files/151469/SureMDM-Local-Remote-File-Inclusion.html |
title | SureMDM Local / Remote File Inclusion |
References
- https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/
- https://www.exploit-db.com/exploits/46305/