1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Track IT CVE-2014-4872

Attack: Track IT CVE-2014-4872

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging an unauthorized-access vulnerability in Track-IT! which could lead to system compromise.

Additional Information

Track-It! is an IT help desk software.

Track-It! is prone to an unauthorized-access vulnerability because it exposes 'FileStorageService' and 'ConfigurationService' .NET services on port 9010 without authentication. This allows an attcker to perform unauthorized actions such as uploading arbitrary file, execute code and gain access to sensitive information.

Attackers can exploit this issue to upload arbitrary file, execute code and gain unauthorized access. This may aid in further attacks.

Affected

  • BMC Track-It! 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube