New Banner 3

Services

Find out more about ProCheckUp's services including: Penetration Testing, PCI QSA and PCI ASV.

More detail

Client Quote

ProCheckUp are extremely flexible in meeting our requirements. The output is professional and of a consistently high standard with clear evidence that the testers are at the top of their game.
CPP

Warnings made of vulnerability in the 3Com Intelligent Management Centre that could result in lack of consumer control

25 May 2010 by SC Staff, SC Magazine

Organisations have been warned that they could lose control of their networks due to a vulnerability in the 3Com Intelligent Management Centre (IMC).

Penetration testing company ProCheckUp claimed that users of IMC are at risk of losing control of the application, which is designed to manage, monitor and control enterprise networks.

It reported that it was able to gain control of IMC without providing any passwords or authentication information. It said that this was completed through directory traversal, SQL admin account password retrieval and cross-site scripting attacks.

Rolando Fuentes, security consultant at ProCheckUp, claimed that this security hole could allow an attacker to alter switches and routers which are managed by the IMC, and potentially switch off a whole organisation's network and internet facilities.

Fuentes said: "This is an old attack which most modern systems are strengthened against; the potential risk and loss of earnings to a large organisation should this attack be carried out is not worth thinking about."

3Com have been informed and released a patched version that addresses the issues.

The following article appears on SC Magazine UK. You can click here to read it in its original source.

Back To listing