Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution

3 weeks ago 9
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

Yahoo’s Paranoid vulnerability research team has identified nearly a dozen flaws in OpenText’s NetIQ iManager product, including some that could have been chained for unauthenticated remote code execution.

NetIQ iManager is an enterprise directory management tool that enables secure remote access to network administration utilities and content.

The Paranoid team discovered 11 vulnerabilities that could have been exploited individually for cross-site request forgery (CSRF), server-side request forgery (SSRF), remote code execution (RCE), arbitrary file upload, authentication bypass, file disclosure, and privilege escalation. 

Patches for these vulnerabilities were released with updates rolled out in April, and Yahoo has now disclosed the details of some of the security holes, and explained how they could be chained.

Of the 11 vulnerabilities they found, Paranoid researchers described four in detail: CVE-2024-3487, an authentication bypass flaw, CVE-2024-3483, a command injection flaw, CVE-2024-3488, an arbitrary file upload flaw, and CVE-2024-4429, a CSRF validation bypass flaw.

Chaining these vulnerabilities could have allowed an attacker to compromise iManager remotely from the internet by getting a user connected to their corporate network to access a malicious website. 

In addition to compromising an iManager instance, the researchers showed how an attacker could have obtained an administrator’s credentials and abused them to perform actions on their behalf. 

“Why does iManager end up being such a good target for attackers? iManager, like many other enterprise administrative consoles, sits in a highly privileged position, administering  downstream directory services,” explained Blaine Herro, a member of the Paranoids team and Yahoo’s Red Team. 

Advertisement. Scroll to continue reading.

“These directory services maintain user account information, such as usernames, passwords, attributes, and group memberships. An attacker with this level of control over user accounts can fool downstream applications that rely on it as a source of truth,” Herro added. 

Related: WhiteRabbitNeo: High-Powered Potential of Uncensored AI Pentesting for Attackers and Defenders

Related: Google Patches Critical Chrome Vulnerability Reported by Apple

Related: Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

Read Entire Article