Vulnerability Description: Multiple Improper Access Control - CWE-284
Software Version: 12.1.0-20211215
NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-28805
CVSSv3:
Severity:
Credits: Luca Carbone, Fabio Romano, Stefano Scipioni, Massimiliano Brolli
The web application does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Step-by-step instructions and PoC
Any user logged in to the web application can view pages or use functionalities that are normally accessible only to specific roles. In some cases, these functionalities can be accessed even without authentication. This vulnerability can be exploited to gather critical information or to gain unauthorized access to some functionalities.
Affected Endpoints
· URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/advanced-settings.jsp
· URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/SaveFileUploader
The evidence below shows the vulnerability details and the payloads used.
URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/advanced-settings.jsp
As an example, a user with the “Administrator” role can access the advanced settings page, which is normally available only to “System Administrator” users. This vulnerability can be exploited by simply inserting the appropriate endpoint in the URL.
URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/SaveFileUploader
We can access the “Upload file” functionality in order to upload arbitrary files on the filesystem without authentication.
Security Impact
By exploiting this vulnerability on the web application, it was possible to gain unauthorized access to critical information and functionalities.
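Both findings above come down to a missing server-side check on the requested resource. As an added example (not the vendor's code and not part of the original advisory), a deny-by-default servlet filter covering the two affected endpoints could look like the following. The session attribute name `role`, the public `/login.jsp` page, the role assigned to the upload servlet and the `javax.servlet` (rather than `jakarta.servlet`) API on Java 9 or later are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example: deny-by-default role gate, mapped to /* in web.xml. */
public class RoleGateFilter implements Filter {
    // Hypothetical: the only resource reachable without a session.
    private static final Set<String> PUBLIC = Set.of("/login.jsp");

    // Role required per resource. Paths and role names come from the advisory;
    // the role chosen for the upload servlet is an assumption.
    private static final Map<String, String> REQUIRED_ROLE = Map.of(
            "/advanced-settings.jsp", "System Administrator",
            "/SaveFileUploader", "System Administrator");

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        // Container-resolved path, so the check does not depend on how the URL was typed.
        String path = req.getServletPath();
        if (PUBLIC.contains(path)) { chain.doFilter(request, response); return; }

        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        Object role = (session == null) ? null : session.getAttribute("role"); // hypothetical attribute
        if (role == null) { res.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }

        // Resources with no entry are refused until someone assigns them a role.
        String required = REQUIRED_ROLE.get(path);
        if (required == null || !required.equals(role)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(request, response);
    }
}
```

With this filter in place, an “Administrator” session requesting `advanced-settings.jsp` receives 403, and a request to `SaveFileUploader` without a session receives 401 before the upload handler runs.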