Vulnerability Details : CVE-2016-6598
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. This can be used to upload a file to the web root and achieve code execution as NETWORK SERVICE or SYSTEM.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2016-6598
Probability of exploitation activity in the next 30 days: 1.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-6598
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-6598
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6598
-
http://seclists.org/fulldisclosure/2018/Jan/92
Full Disclosure: [CVE-2016-6598/9]: RCE and admin cred disclosure in BMC Track-It! 11.4Exploit;Mailing List;Technical Description;Third Party Advisory
-
https://communities.bmc.com/community/bmcdn/bmc_track-it/blog/2016/01/04/track-it-security-advisory-24-dec-2015
Track-It!: Track-It! Security Advisory [24-Dec-... | BMC CommunitiesVendor Advisory
-
http://packetstormsecurity.com/files/146110/BMC-Track-It-11.4-Code-Execution-Information-Disclosure.html
BMC Track-It! 11.4 Code Execution / Information Disclosure ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://github.com/pedrib/PoC/blob/master/advisories/bmc-track-it-11.4.txt
PoC/bmc-track-it-11.4.txt at master · pedrib/PoC · GitHubExploit;Third Party Advisory
Products affected by CVE-2016-6598
- cpe:2.3:a:bmc:track-it\!:*:*:*:*:*:*:*:*
- cpe:2.3:a:bmc:track-it\!:11.4:hf1:*:*:*:*:*:*
- cpe:2.3:a:bmc:track-it\!:11.4:hf2:*:*:*:*:*:*