Zero Day Discovered in Riverbed Technology’s SteelCentral Portal

Riverbed Technology, Inc. is an American IT company that develops products to improve application performance across wide area networks (WANs), a technique known as WAN optimization.

Its products reduce latency and bandwidth constraints in delivering applications via WANs to multiple locations across long distances. It also develops products to support network and application performance management.

Security researchers at Digital Defense have found four severe vulnerabilities in the SteelCentral Portal application from Riverbed Technology, one of the leading companies in the USA.

Digital Defense's security research team released a post today explaining the vulnerabilities in the application.

Two of the four vulnerabilities allow an attacker to run arbitrary code with system privileges.

“We found a number of methods to bypass access restrictions and take control of appliances from the network,” said Mike Cotton, vice president of research and development at Digital Defense.

The vulnerabilities are said to be present in versions 1.3.1 and 1.4.0 of the software.

Two of the vulnerabilities allow remote code execution, leading to complete host compromise and full compromise of all connected SteelCentral data sources.

One is an unauthenticated file upload leading to remote code execution in UploadImageServlet; the other is unauthenticated remote code execution via the H2 Web Console.

The other two disclose information via the DataSourceService servlet and the roleService web service, respectively.

However, an attacker must be present on the network to exploit the vulnerabilities.

The Digital Defense team notified Riverbed Technology of the flaws in January.

Users don’t have to worry, as the flaws were fixed in the software last week.

Riverbed Technology products are used by more than 90 percent of the Global 500, and according to the vendor’s website, some SteelCentral customers include T-Mobile, Michelin, Colgate University and Turner Broadcasting.