CVE-2020-17408

CVSS 7.5 HIGH · EPSS 74.0% · CWE-611

In short

NEC ExpressCluster's web interface has a flaw that allows attackers to read sensitive files from the server without logging in. By sending a specially crafted request, an attacker can trick the system into opening files and revealing their contents.

Technical detail

The clpwebmc executable does not properly restrict XML External Entity (XXE) references. An unauthenticated remote attacker can read arbitrary files by submitting XML that references an external URI, which the parser resolves and embeds into responses. Exploitation requires no authentication and operates in the SYSTEM context.

Summary generated and translated by AI from the official description.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-10801.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

NEC · ExpressCluster
