##############################################################################
#
# Title    : Netmechanica NetDecision Dashboard Server Information Disclosure 
#            Vulnerability
# Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor   : http://www.netmechanica.com
# Advisory : http://secpod.org/blog/?p=478
#            http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt
#	     http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_PoC.py
# Software : Netmechanica NetDecision Dashboard Server version 1.0
# Date     : 05/12/2011
#
###############################################################################

SecPod ID: 1038     				05/12/2011 Issue Discovered
						21/02/2012 Vendor Notified
						22/02/2012 Vendor Acknowledge
						24/02/2012 Issue Resolved


Class: Information Disclosure			Severity: Medium


Overview:
---------
Netmechanica NetDecision 4.5.1 Dashboard Server version 1.0 is prone to 
information disclosure vulnerability.


Technical Description:
----------------------
The vulnerability is caused due to improper validation of malicious HTTP 
request to Dashboard server appended with '?' character, which discloses the 
Dashboard server's web script physical path.

CVE-2012-1464 : http://scaprepo.com/control.jsp?command=search&search=CVE-2012-1464


Impact:
--------
Successful exploitation could allow an attacker to cause disclosure of 
sensitive information.


Affected Software:
------------------
Netmechanica NetDecision 4.5.1 (full package) containing Dashboard Server 
version 1.0


Tested on:
-----------
Netmechanica NetDecision 4.5.1 (full package) containing Dashboard Server 
version 1.0 on Windows XP SP3 & Win XP2. Older versions might be affected.


References:
-----------
http://secpod.org/blog/?p=478
http://www.netmechanica.com/downloads
http://www.netmechanica.com/news/?news_id=26
http://www.netmechanica.com/netdecision_dashboard
http://scaprepo.com/control.jsp?command=search&search=CVE-2012-1464


Proof of Concept:
----------------
http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_PoC.py


Vendor URL:
----------------
http://www.netmechanica.com
http://www.netmechanica.com/news/?news_id=26


Solution:
----------
Upgrade to NetDecision 4.6.1


Risk Factor:
-------------
CVSS Score Report:
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = LOW
        AUTHENTICATION         = NOT_REQUIRED
        CONFIDENTIALITY_IMPACT = PARTIAL
        INTEGRITY_IMPACT       = NONE
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
        Risk factor            = Medium

Credits:
--------
Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this
vulnerability.