Zero-Day Vulnerability Found in Novell ZENworks

Rapid7 researcher Juan Vazquez recently uncovered a zero-day security flaw in Novell ZENworks Asset Management 7.5.

“ZENworks Asset Manager is a Web-based management console that integrates asset inventory, software usage, software management and contract management,” writes Threatpost’s Brian Donohue. “Users can also access network device data and edit information through the console.”

“Vazquez … explains that the web console of ZENworks Asset Management provides two maintenance calls that can be used with hard-coded credentials,” The H Security reports. “One of the calls allows remote attackers to gain access to the filesystem, while the other call gives details of the software’s backend database credentials in clear text. Vazquez discovered the vulnerability in August and immediately wrote a Metasploit module to exploit it.”

“We are currently unaware of a practical solution to this problem,” the United States Computer Emergency Readiness Team (US-CERT) states.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
