Yahoo’s Paranoid vulnerability research team has identified nearly a dozen flaws in OpenText’s NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution.
NetIQ iManager is an enterprise directory management tool that enables secure remote access to network administration utilities and content.
The Paranoid team discovered 11 vulnerabilities that could have been exploited individually for cross-site request forgery (CSRF), server-side request forgery (SSRF), remote code execution (RCE), arbitrary file upload, authentication bypass, file disclosure, and privilege escalation.
Patches for these vulnerabilities were included in updates rolled out in April. Yahoo has now disclosed the details of some of the security holes and explained how they could be chained.
Of the 11 vulnerabilities they found, Paranoid researchers described four in detail: CVE-2024-3487, an authentication bypass flaw; CVE-2024-3483, a command injection flaw; CVE-2024-3488, an arbitrary file upload flaw; and CVE-2024-4429, a CSRF validation bypass flaw.
Chaining these vulnerabilities could have allowed an attacker to compromise iManager remotely from the internet by getting a user connected to their corporate network to access a malicious website.
In addition to compromising an iManager instance, the researchers showed how an attacker could have obtained an administrator’s credentials and abused them to perform actions on their behalf.
“Why does iManager end up being such a good target for attackers? iManager, like many other enterprise administrative consoles, sits in a highly privileged position, administering downstream directory services,” explained Blaine Herro, a member of the Paranoids team and Yahoo’s Red Team.
“These directory services maintain user account information, such as usernames, passwords, attributes, and group memberships. An attacker with this level of control over user accounts can fool downstream applications that rely on it as a source of truth,” Herro added.