1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Network management vendors patch SQLi and XSS flaws

Discussion in 'CSO' started by RSS, Dec 16, 2015.

  1. RSS

    RSS New Member Member

    Rapid7 released four notifications on Wednesday, addressing six vulnerabilities in Network Management Systems offered by Opsview, Spiceworks, Ipswitch, and Castle Rock.

    Network Management Systems, commonly used to track networked assets using protocols like SNMP (Simple Network Management Protocol), are an easy way to catalogue basic details about connected systems; admins use them to get hostnames, OS information, and more. SNMP was designed for this purpose specifically.

    However, NMS products operate on a presumption that the assets on a local network are friendly. Such assumptions are a cardinal sin in security, because it leads to trusting user-supplied input, which is never a good idea.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page