CVE-2015-2996 Scanner
Detects the 'Local File Inclusion (LFI)' vulnerability in SysAid Help Desk, which affects versions before 15.2.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: URL
Toolbox: -
SysAid Help Desk is a popular IT asset and service management solution that is used by many organizations for customer service, incident management, and IT support management. It allows users to automate tasks, track assets, and handle customer inquiries in a centralized system. SysAid provides a range of features such as ticket management, asset management, remote control, and many more, making IT support tasks more efficient and organized.
One major vulnerability detected in SysAid Help Desk is CVE-2015-2996. It covers multiple directory traversal vulnerabilities in SysAid Help Desk before version 15.2 that remote attackers can exploit. An attacker can read arbitrary files or cause a denial of service by inserting multiple .. (dot dot) sequences in the fileName parameter of the getGfiUpgradeFile or calculateRdsFileChecksum API.
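For defenders reviewing web server logs, the following added example (not part of the original page or of the scanner) flags requests to the two named APIs whose fileName value contains a `..` path segment, including percent-encoded and double-encoded forms. The log format, the `/app` URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter names come from the vulnerability description above.
ENDPOINTS = ("getGfiUpgradeFile", "calculateRdsFileChecksum")
PARAM = "fileName"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %252e%252e is treated like '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(file_name):
    """True if any path segment of the decoded value is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(file_name))

def flag_line(line):
    """Return the decoded suspicious fileName value for a log line, or None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not any(url.path.rstrip("/").endswith("/" + e) for e in ENDPOINTS):
        return None
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        if has_traversal(value):
            return fully_decode(value)
    return None

# Constructed sample lines; "/app" is a placeholder prefix, not SysAid's real path.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jun/2015:10:00:01 +0000] "GET /app/getGfiUpgradeFile?fileName=update.bin HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jun/2015:10:00:02 +0000] "GET /app/getGfiUpgradeFile?fileName=../../placeholder.txt HTTP/1.1" 200 90',
    '198.51.100.9 - - [03/Jun/2015:10:00:03 +0000] "GET /app/calculateRdsFileChecksum?fileName=%252e%252e%255cplaceholder.txt HTTP/1.1" 200 0',
    '198.51.100.9 - - [03/Jun/2015:10:00:04 +0000] "GET /app/other?fileName=../x HTTP/1.1" 404 0',
]

def scan(lines):
    return [(i, hit) for i, line in enumerate(lines) if (hit := flag_line(line))]

if __name__ == "__main__":
    for index, value in scan(SAMPLE_LOG):
        print(f"line {index}: traversal in {PARAM}={value!r}")
```

Matching on whole path segments avoids flagging ordinary names that merely contain two dots, such as `a..b`.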
When exploited, CVE-2015-2996 can lead to serious consequences such as information disclosure, unauthorized access to sensitive data, and loss of critical information. The attacker can access confidential files, usernames, and passwords, leading to a data breach that can compromise the entire organization. Moreover, the attacker can cause a denial of service, which can disrupt the availability of the IT help desk system, causing significant business interruptions.
Thanks to the advanced features of the s4e.io platform, organizations can easily identify vulnerabilities in their digital assets. The platform provides advanced vulnerability scanning and penetration testing capabilities, enabling organizations to detect and remediate security risks quickly and efficiently. Moreover, the platform offers actionable insights and recommendations to improve the organization's security posture. Organizations can benefit from the comprehensive security solutions offered by the s4e.io platform to prevent cybersecurity threats and safeguard their digital assets.