
Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720)

2018-06-16 19:35:50
www.ibm.com

EPSS: 0.632 (percentile 97.9%)

Summary

IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion. These vulnerabilities may be exploited to compromise the host system.

Vulnerability Details

Two vulnerabilities were found in the IBM Tealeaf CX Passive Capture Application (PCA) web console (PHP), Builds 3611 and 3620:

  • RCE (Remote Code Execution)
  • LFI (Local File Inclusion)

RCE vulnerability: A non-root level user can substitute a string of commands for the command-line parameter and thereby run other commands. The PHP code runs at the non-root user level, so only a very limited set of non-critical operations can be performed this way.

PCA web console access is required to reach the vulnerable functions. If login authentication is enabled, an attacker would first need to bypass that authentication before the issues could be exploited. The PCA web console is also not an externally exposed web application; it is primarily an IT management console used only by IT staff and possibly the IBM Tealeaf Administrator managing their networks.

LFI vulnerability: The LFI vulnerability allows files to be downloaded other than those intended for download for customer support purposes (for example, log files). Although the request parameters can be changed, no root-level files can be downloaded. Therefore, the impact of this vulnerability is minimal.
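To make the two bug classes above concrete, the following added example (illustrative code written for this page, not IBM Tealeaf PCA code) shows a hypothetical PHP handler for each: a parameter spliced into a command line, and a log-download parameter joined to a directory, each beside a hardened form. The tool path, allowlist values and log directory are assumptions.

```php
<?php
// Added illustrative example, not PCA code. Tool path, allowlist and LOG_DIR are hypothetical.

// --- OS command injection (the CVE-2013-6719 class) ---
// Vulnerable pattern: the request parameter is spliced straight into the shell command line,
// so a value containing shell metacharacters changes which commands run.
function run_tool_vulnerable(string $param): string {
    return (string) shell_exec('/usr/local/bin/pcatool --target ' . $param);   // hypothetical tool
}

// Hardened: accept only values from a fixed allowlist; never build the command from raw input.
const ALLOWED_TARGETS = ['capture', 'pipeline', 'delivery'];                  // hypothetical values
function run_tool_hardened(string $param): string {
    if (!in_array($param, ALLOWED_TARGETS, true)) {
        http_response_code(400);
        return '';
    }
    // escapeshellarg() is a second layer of defence; the allowlist is the real control.
    return (string) shell_exec('/usr/local/bin/pcatool --target ' . escapeshellarg($param));
}

// --- Local file inclusion / arbitrary file download (the CVE-2013-6720 class) ---
const LOG_DIR = '/var/log/pca';                                               // hypothetical directory

// Vulnerable pattern: the requested name is joined to the directory, so a traversal
// sequence in the name selects a file outside the intended log directory.
function download_log_vulnerable(string $name): void {
    readfile(LOG_DIR . '/' . $name);
}

// Hardened: restrict the name to a safe character set, canonicalise the path with
// realpath(), and require the result to remain inside LOG_DIR before serving it.
function download_log_hardened(string $name): void {
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        http_response_code(400);
        return;
    }
    $base = realpath(LOG_DIR);
    $real = realpath(LOG_DIR . '/' . $name);
    if ($base === false || $real === false || strpos($real, $base . '/') !== 0) {
        http_response_code(403);       // resolved path escaped the log directory
        return;
    }
    header('Content-Type: application/octet-stream');
    readfile($real);
}
```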

There are patches available for IBM Tealeaf CX Passive Capture Application Builds 3611 and 3620 to resolve these security vulnerabilities.

CVEID: CVE-2013-6719
Description: Remote OS command injection.
CVSS Base Score: 6.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89228 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

CVEID: CVE-2013-6720
Description: Local File Inclusion.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89229 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)

Affected Products and Versions

IBM Tealeaf Customer Experience v8.0-v8.8

Remediation/Fixes

| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM Tealeaf Customer Experience | 8.8 | https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.8_IBMTealeaf_PCA-3625-4_SecurityRollup_FixPack |
| IBM Tealeaf Customer Experience | 8.7 | https://www.ibm.com/support/entry/portal/search_results?sn=spe&filter=keywords:ibmsupportfixcentralsearch&q=8.7_IBMTealeaf_PCA-3615-4_SecurityRollup_FixPack |
| IBM Tealeaf Customer Experience | 8.6 and earlier | You can contact the Technical Support team for guidance. For versions before v8.7, IBM recommends upgrading to a later supported version of the product. |

Workarounds and Mitigations

None.
