Remote Code Execution Vulnerability in Novell ZENworks Configuration Management
CVE-2013-1080

Currently unrated

Key Information:

Vendor

Novell

CVE Published:
29 March 2013

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 72%

What is CVE-2013-1080?

The web server component of Novell ZENworks Configuration Management versions prior to 11.2.4 is vulnerable to remote code execution because it does not properly authenticate requests for certain JSP pages. An attacker can exploit this vulnerability with crafted requests sent to TCP port 443, potentially allowing directory traversal attacks. This can lead to unauthorized file uploads and execution of arbitrary programs, exposing the system to significant risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved