Vulnerabilities > CVE-2018-15657 - Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.31/6.34/6.35

047910
CVSS 7.3 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
42gears
CWE-918
exploit available
NVD
Published: 2019-02-05
Updated: 2019-02-21

Summary

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.

Vulnerable Configurations

Part Description Count
Application
42Gears
3

Common Weakness Enumeration (CWE)

D2sec

nameSureMDM File Disclosure
urlhttp://www.d2sec.com/exploits/suremdm_file_disclosure.html

Exploit-Db

fileexploits/windows/webapps/46305.txt
idEDB-ID:46305
last seen2019-02-01
modified2019-02-01
platformwindows
port80
published2019-02-01
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/46305
titleSureMDM < 2018-11 Patch - Local / Remote File Inclusion
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/151469/suremdm-lfirfi.txt
idPACKETSTORM:151469
last seen2019-02-02
published2019-02-02
reporterDigital Interruption
sourcehttps://packetstormsecurity.com/files/151469/SureMDM-Local-Remote-File-Inclusion.html
titleSureMDM Local / Remote File Inclusion

References