Vulnerability Details : CVE-2012-4933
Public exploit exists!
The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
Exploit prediction scoring system (EPSS) score for CVE-2012-4933
96.87%
Probability of exploitation activity in the next 30 days
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2012-4933
- Novell ZENworks Asset Management 7.5 Configuration Access
  First seen: 2020-04-26
  auxiliary/scanner/http/zenworks_assetmanagement_getconfig
  This module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing
- Novell ZENworks Asset Management 7.5 Remote File Access
  First seen: 2020-04-26
  auxiliary/scanner/http/zenworks_assetmanagement_fileaccess
  This module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a
CVSS scores for CVE-2012-4933
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2012-4933
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4933
- http://www.kb.cert.org/vuls/id/332412
  VU#332412 - Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability (US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79252
  Novell ZENworks Asset Management default password CVE-2012-4933 Vulnerability Report
- https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
  New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability (Exploit)
- http://www.securitytracker.com/id?1027682
  Novell ZENworks Asset Management Discloses Arbitrary Files to Remote Users - SecurityTracker
Products affected by CVE-2012-4933
- cpe:2.3:a:novell:zenworks_asset_management:7.5:*:*:*:*:*:*:*