MX60 VoIP Voice Gateway Privilege Escalation Vulnerability

Source: Internet
Author: User

Tested on: MX60 VoIP Voice Gateway

Bug: obtaining the administrator password, which allows logging on and controlling the entire gateway.

Impact scope: no device test is available for users with MX and operators, haha

[Figure 1: MX60 introduction]

Brief description: MX60 is a carrier-level voice gateway. Its user management has two permission levels: Administrator and operator. The specific permissions granted are shown in figure 2. However, the permission restrictions on the operator are not properly enforced, so we can gain control of the entire gateway.

[Figure 2]

Process: under normal circumstances, it is not possible to log on as an operator, nor to change the password (without changing permissions, it also makes sense to log on). But this is different for us.

One day, I received a notification asking me to manage the company's voice platform and its settings, but I was not told anything about the basics. I did not even know the management password. In my heart, that was really unpleasant. The voice platform is said to have been used before and will never be used at any time. I don't know how the lines are connected. I had to search Baidu and Google. This is really rare. After I flipped through XXOO, I finally got a description document. I wiped it. I seem to have drifted off topic. Let's get to the result directly. For details about the process, see the illustration. In this way, everything is done. You can only write it like this. Let's take a look.

Author: Media Security China (www.SiteDirSec.com) Management Group
