CVE-2012-4933

Novell ZENworks Asset Management 7.5 - Info Disclosure

Title source: llm

Description

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

Exploits (2)

metasploit WORKING POC

by juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenworks_assetmanagement_getconfig.rb

View Code ZIP pw:eip

metasploit WORKING POC

by juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb

View Code ZIP pw:eip

References (4)

[US Government Resource] http://www.kb.cert.org/vuls/id/332412

[Exploit] https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/79252

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027682

Scores

EPSS 0.7702

EPSS Percentile 99.0%

Details

CWE

CWE-255

Status published

Products (1)

novell/zenworks_asset_management 7.5

Published Oct 20, 2012

Tracked Since Feb 18, 2026