CVE-2016-6598
CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/43883unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.htmlhttps://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015http://seclists.org/fulldisclosure/2018/Jan/92https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt