Ericom AccessNow Server 2.x Multiple Vulnerabilities
This document is a technical advisory for weaknesses found in Ericom AccessNow Server. This document is being released in order to alert Ericom customers to the risks detailed below and to request remediation. Please note that this document may be subject to modification as new information becomes available.
Commissum Senior Consultant Liam Romanis identified a number of vulnerabilities in Ericom AccessNow Server version 184.108.40.20631 installed on a client’s site which included:
- Directory Traversal: An attacker may be able to retrieve arbitrary files from the host operating system of the Ericom AccessNow Server.
- With further interaction with the vendor and client we were able to establish that version 2.x (including 2.2 and 2.4) was vulnerable.
Cross-Site Scripting Proof Of Concept
This proof of concept attack string is provided for the customers to attempt to replicate the issue:
This request should result in a message box being displayed containing the text ‘123’.
The effective attack string for this issue is:
However, it should be noted that it did not appear possible to exploit this issue using a browser request.
This proof of concept attack script is provided for customers to attempt to replicate the issue:
# Liam Romanis 24/03/2015
# Directory Traversal in Ericon AccessNow Server version 220.127.116.1131
import sys, urllib2
print “[+] Attempting test – Once you see ~$ hit return to see contents of file”
opener.addheaders=[('User-agent', '(); Content-Type: text/plain ;' +command)]
for line in response.readlines():
except Exception as e: print e
Customers are recommended to upgrade all Ericom AccessNow servers to the latest version (3.5.x).