TWSL2012-008: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer

Trustwave SpiderLabs has published a new advisory yesterday for multiple vulnerabilities found in Scrutinizer NetFlow & sFlow Analyzer by Plixer International. For those who are unfamiliar with Scrutinizer NetFlow & sFlow Analyzer, it is a product used for network analysis to monitor the overal health of a network and reports statistics, such as which hosts, applications and protocols are consuming network bandwidth. These findings include a HTTP Authentication Bypass, SQL Injection, Persistent Cross-Site Scripting and Reflected Cross-Site Scripting vulnerabilities.

Tanya Secker who is a managing consultant for Trustwave SpiderLabs discovered these vulnerabilities in January of this year. SpiderLabs has reached out to Plixer International in February regarding these findings however the vendor declined to comment. Scrutinizer NetFlow & sFlow Analyzer version 8.6.2 (8.6.2.16204) has been confirmed vulnerable to these issues; however, other versions may be affected. We have confirmed that the latest stable release 9.0.1 (9.0.1.19899) has addressed all findings. So if you haven't already done so, make sure the latest version is installed.

Trustwave SpiderLabs has deployed protections for all these findings in the ModSecurity Commercial Rules Feed. Additionally, Trustwave's vulnerability scanning solution, TrustKeeper, has been updated to detect all findings.

For more details regarding this advisory, please visit:

https://www.trustwave.com/spiderlabs/advisories/TWSL2012-008.txt

Thanks to Ryan Barnett and Jonathan Claudius for their efforts to implement these protections for Trustwave products. Stay tuned for more advisory postings in the near future!

Trustwave reserves the right to review all comments in the discussion below. Please note that for security and other reasons, we may not approve comments containing links.