Warnings made of vulnerability in the 3Com Intelligent Management Centre that could result in lack of consumer control
Organisations have been warned that they could lose control of their networks due to a vulnerability in the 3Com Intelligent Management Centre (IMC).
Penetration testing company ProCheckUp claimed that users of IMC are at risk of losing control of the application, which is designed to manage, monitor and control enterprise networks.
It reported that it was able to gain control of IMC without providing any passwords or authentication information. It said that this was completed through directory traversal, SQL admin account password retrieval and cross-site scripting attacks.
Rolando Fuentes, security consultant at ProCheckUp, claimed that this security hole could allow an attacker to alter switches and routers which are managed by the IMC, and potentially switch off a whole organisation's network and internet facilities.
Fuentes said: "This is an old attack which most modern systems are strengthened against; the potential risk and loss of earnings to a large organisation should this attack be carried out is not worth thinking about."
3Com have been informed and released a patched version that addresses the issues.
The following article appears on SC Magazine UK. You can click here to read it in its original source.
Authors