Description
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MAPG-8GANCC
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/520430
Various Sources x_refsource_misc
http://www.secureworks.com/research/advisories/SWRX-2012-005/
Scores
EPSS
0.0181
EPSS Percentile
75.9%
Details
CWE
CWE-287
Status
published
Products (5)
breakingpointsystems/breakingpoint_storm_appliance
breakingpointsystems/breakingpoint_storm_appliance_ctm
1.2
breakingpointsystems/breakingpoint_storm_appliance_ctm
1.4
breakingpointsystems/breakingpoint_storm_appliance_ctm
1.5
breakingpointsystems/breakingpoint_storm_appliance_ctm
< 2.0
Published
Aug 12, 2012
Tracked Since
Feb 18, 2026