Novus Managment System Vulnerabilities (CVE-2021-34820, CVE-2021-38421)

fulldisclosure logo
Full Disclosure
mailing list archives

Novus Managment System Vulnerabilities (CVE-2021-34820, CVE-2021-38421)

From: Dariusz G <dariusz.gonda () gmail com>
Date: Thu, 8 Jul 2021 09:55:07 +0200


Vulnerabilities mentioned below are fixed in the NMS with 1.51.2 version.
Vendor has already published the patches. Please visit to download patches for the NMS software. I believe
that all NMS software with version below 1.51.2 is affected by Web Path
Traversal and Cross-Site Scripting vulnerabilities. However the vendor was
not able to provide a clear statement  about affected versions of NMS

CVE-2021-34820  - Web Path Directory Traversal

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP
Server is affected by the Directory Traversal for Arbitrary File Access
vulnerability. A remote, unauthenticated attacker using an HTTP GET request
may be able to exploit this issue to access sensitive data. The issue was
discovered in the NMS (Novus Management System) software.

Severity: Critical CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L (10)
Credit: Dariusz Gońda

CVE-2021-38421 Cross Site Scripting (Reflected)

The NMS before version 1.51.2, the WebUI has wrong HTTP 404 error handling
implemented. A remote, unauthenticated attacker may be able to exploit the
issue by sending malicious HTTP requests to non-existing URIs. The value of
the URL path filename is copied into the HTML document as plain text

Severity: Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3)
Credit: Dariusz Gońda


10 April 2021 - bug discovered
12 April 2021 - vendor informed
13 April 2021 - vendor asked to provide more details about Web Directory
Path Traversal issue 20 April 2021 - vendor confirmed vulnerabilities
16 June 2021 - vendor provided the statement that a patch has been already
17 June 2021 – CVE numbers assigned
8 July 2021 - vulnerabilities published

Dariusz Gońda

Sent through the Full Disclosure mailing list
Web Archives & RSS:

  By Date  
  By Thread  

Current thread:

  • Novus Managment System Vulnerabilities (CVE-2021-34820, CVE-2021-38421) Dariusz G (Jul 09)

Source link