CVE-2013-3512 Information

Description

The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not properly perform authorization checks which allows remote authenticated users to read or modify configuration settings via unspecified vectors as demonstrated by reading credentials.

Reference

http://www.kb.cert.org/vuls/id/345260 https://kb.groundworkopensource.com/display/SUPPORT/SA6.7.0-1+Some+web+components+allow+bypass+of+role+access+controls https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130308-1_GroundWork_Monitoring_Multiple_high_risk_vulnerabilities_part2_wo_poc_v10.txt