Title: Compaq Management Software Proxy Vulnerability
Severity: MODERATE
Description:
A vulnerability exists in the web-enabled management software component of a number Compaq products.
The product uses TCP port :2301 to provide administrators with a management console which functions remotely via HTTP and a browser.
Traffic from within a protected network may be able to bypass the restrictions of that network's proxy server or firewall via port 2301, which is reserved for use by the management software. In addition, where the protected network does not have other firewalling measures in place, malicious traffic from an unprotected network (ie the Internet) can reach hosts on a protected network through the same port.
Any connections made via this unintended proxy are not logged.
This ability to send traffic to and from a protected network, circumventing the installed proxy server's normal restrictions, may allow an attacker to exploit other security vulnerabilities in the hosts on the protected network. As well, the anonymitity provided by the lack of logs may be used as a method to conceal the source of attacks on other systems.
Additionally, this vulnerability will disclose confidential information about the network infrastructure. The main webpage of the affected host will display IP addresses of other hosts and devices on the network, which may then be browsed(if they're listening on port 80). This can help the remote attacker to map the network, which can lead to attacks on the disclosed hosts.
Affected Products:
- Compaq Availability Agents 1.0.0
- Compaq Compaq Foundation Agents 4.0.0
- Compaq Compaq Foundation Agents 4.7.0
- Compaq Compaq Foundation Agents 4.8.0
- Compaq Compaq Foundation Agents 4.9.00B
- Compaq Compaq Foundation Agents 4.90.0
- Compaq Enterprise Volume Manager/Command Scripter 1.0.0
- Compaq Enterprise Volume Manager/Command Scripter 1.1.0
- Compaq Insight Management Agents 3.70.0
- Compaq Insight Management Agents 4.21.0A
- Compaq Insight Management Agents 4.22.0A
- Compaq Insight Management Agents 4.30.0A
- Compaq Insight Management Agents 4.30.0B
- Compaq Insight Management Desktop Web Agents 3.7.0
- Compaq Insight Manager LC 1.3.0c
- Compaq Insight Manager LC 1.50.0A
- Compaq Insight Manager XE 1.0.0
- Compaq Insight Manager XE 1.21.0
- Compaq Insight Manager XE 2.1.0
- Compaq Intelligent Cluster Administrator 1.0.0
- Compaq Intelligent Cluster Administrator 2.1.0
- Compaq Management Agents 4.30.0j
- Compaq Management Agents 4.35.0j
- Compaq Management Agents 4.36.0E
- Compaq Management Agents 4.36.0j
- Compaq Management Agents 4.37.0E
- Compaq Management Agents for Netware 2.28.0
- Compaq Management Agents for Workstations 4.20.0A
- Compaq Management Agents for Workstations 4.20.0B
- Compaq Open SAN Manager 1.0.0
- Compaq Storage Allocation Reporter 1.0.0
- Compaq Survey Utility 2.17.0
- Compaq Survey Utility 2.18.0
- Compaq Survey Utility 2.2.0
- Compaq Survey Utility 2.23.0
- Compaq Survey Utility 2.33.0
- Compaq System Healthcheck 3.0.0
- Compaq System Healthcheck 3.0.1
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
