CVE-2014-5093
📋 TL;DR
CVE-2014-5093 is a critical vulnerability in the Status2k server monitoring software: the installation directory is left in place after setup, so an unauthenticated remote attacker who can reach it can reset the administrative credentials. Every Status2k deployment whose install directory is still reachable over the web is affected, and a successful attacker gains complete control of the monitoring system.
💻 Affected Systems
- Status2k
📦 What is this software?
Status2k, a web-based server monitoring application from the vendor of the same name.
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Status2k server allowing credential reset, administrative access, and potential lateral movement to monitored systems.
Likely Case
Unauthenticated attackers reset admin credentials and gain full control of the Status2k web interface to modify monitoring, execute commands, or access sensitive system information.
If Mitigated
No impact if installation directory is properly removed or access controls prevent external access to the install path.
🎯 Exploit Status
Exploitation is trivial: an unauthenticated request to the install directory is enough to reset the administrative credentials. Public exploit details have been available since 2014 (see the Packet Storm reference below).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: N/A
Vendor Advisory: N/A
Restart Required: No
Instructions:
1. Manually remove or restrict access to the Status2k installation directory.
2. Delete all setup/install files (install.php, setup.php, etc.).
3. Consider migrating to actively maintained monitoring software.
🔧 Temporary Workarounds
Remove Installation Directory
Delete the Status2k installation directory containing the setup files (Linux/Unix first, then Windows; adjust the path to where Status2k is actually deployed). On Windows use rmdir rather than del: del /s /q removes the files but leaves the empty directory tree behind, which still answers web requests.
rm -rf /path/to/status2k/install/
rmdir /s /q C:\path\to\status2k\install\
Restrict Directory Access
Use the web server configuration to block access to the install directory. Apache 2.4 syntax is shown; on Apache 2.2 use "Order deny,allow" followed by "Deny from all" inside the Directory block instead of "Require all denied". The nginx block uses a ^~ prefix match so it applies only to paths that start with /install/ and is not bypassed by a later regex location.
# Apache
<Directory "/path/to/status2k/install">
    Require all denied
</Directory>
# Nginx
location ^~ /install/ {
    deny all;
}
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Status2k from untrusted networks
- Deploy web application firewall (WAF) rules to block access to /install/* paths
🔍 How to Verify
Check if Vulnerable:
Request http://status2k-server/install/ and http://status2k-server/setup/ (prefix the path if Status2k is installed below the web root). If either returns HTTP 200 with installer content, the system is vulnerable; a 403 or 404 means the path is blocked or absent. Only fetch the page, do not submit the installer form, and test only hosts you are authorised to test.
Check Version:
Status2k does not have a standard version command; check web interface footer or configuration files.
Verify Fix Applied:
Verify install directory returns 403/404 error and setup files are not present on filesystem.
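The two checks above, reaching the install path over HTTP and looking for leftover setup files on disk, can be scripted. The following is an added example written for this page, not Status2k's own code. The probed paths /install.php and /setup.php at the web root, and the file names treated as setup artifacts, are assumptions beyond the /install/ and /setup/ paths the page names; the probe only issues GET requests and never submits the installer form.

```python
"""Checker for CVE-2014-5093 exposure: is the Status2k installer still reachable?
Added example for this page, not Status2k project code."""
import os
import sys
import urllib.error
import urllib.request

# Paths an unauthenticated attacker would try. /install/ and /setup/ come from the
# advisory text; the bare .php names are assumptions for non-standard layouts.
PROBE_PATHS = ("/install/", "/setup/", "/install.php", "/setup.php")
# Directory or file names treated as leftover setup artifacts (assumed).
SETUP_NAMES = ("install", "setup", "install.php", "setup.php")


def classify_status(status):
    """Map an HTTP status to a verdict: 200 means the server happily serves the
    installer, 401/403/404/410 mean it is blocked or gone, anything else needs a look."""
    if status == 200:
        return "VULNERABLE"
    if status in (401, 403, 404, 410):
        return "BLOCKED"
    return "CHECK"


def probe(base_url, timeout=5):
    """GET each probe path under base_url and classify the response.
    urlopen follows redirects, so a 301 to the installer ends up as the final status."""
    results = {}
    for path in PROBE_PATHS:
        url = base_url.rstrip("/") + path
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code
        except urllib.error.URLError as err:
            results[path] = ("ERROR", str(err.reason))
            continue
        results[path] = (classify_status(status), status)
    return results


def leftover_setup_files(relative_paths):
    """Return entries of a web-root listing whose path contains a setup artifact name.
    Pure function so it can be checked against a constructed listing."""
    hits = []
    for rel in relative_paths:
        parts = rel.replace("\\", "/").split("/")
        if any(part.lower() in SETUP_NAMES for part in parts):
            hits.append(rel)
    return hits


def scan_webroot(root):
    """Walk the deployed web root and report leftover setup files and directories."""
    listing = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            listing.append(os.path.relpath(os.path.join(dirpath, name), root))
    return leftover_setup_files(listing)


if __name__ == "__main__":
    # Usage: python check_status2k.py http://status2k-server [/path/to/webroot]
    base = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1"
    for path, verdict in sorted(probe(base).items()):
        print(f"{path:<14} {verdict}")
    if len(sys.argv) > 2:
        for rel in scan_webroot(sys.argv[2]):
            print(f"leftover setup artifact on disk: {rel}")
```

A host is fixed only when every probe reports BLOCKED and the filesystem scan returns nothing; a BLOCKED web result with files still on disk means a web server misconfiguration later would re-expose the installer.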
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 responses to /install/* or /setup/* paths
- Unusual admin credential changes or login patterns
Network Indicators:
- HTTP requests to install directory paths from untrusted sources
- Sudden changes in Status2k configuration or monitoring targets
SIEM Query:
web_access status_code=200 AND (uri_path="/install/*" OR uri_path="/setup/*")
(pseudo-query: map status_code and uri_path to your SIEM's field names; review POST requests to these paths first, since they are the ones most likely to carry a credential reset, and treat 403/404 probes from untrusted sources as reconnaissance)
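The log indicators above, applied to Apache/nginx combined-format access logs, as an added example for this page rather than anything from Status2k or a SIEM vendor. The log lines are constructed with documentation IP ranges, and the /install.php and /setup.php paths are assumed in addition to the /install/ and /setup/ paths the page names.

```python
"""Flag successful requests to the Status2k installer in combined-format access logs.
Added example for this page; sample log lines are constructed."""
import re
from collections import Counter

# Apache/nginx "combined" log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Installer locations; the two .php names are assumptions for non-standard layouts.
INSTALL_PREFIXES = ("/install/", "/setup/")
INSTALL_FILES = ("/install", "/setup", "/install.php", "/setup.php")


def parse_line(line):
    """Parse one access-log line into a dict, or None if it is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["path"] = entry["path"].split("?", 1)[0]  # drop the query string
    return entry


def is_install_hit(entry):
    """A 200 to the installer means the server is still handing it out."""
    path = entry["path"].lower()
    return entry["status"] == 200 and (
        path.startswith(INSTALL_PREFIXES) or path in INSTALL_FILES
    )


def find_install_hits(lines):
    """Return (ip, method, path, status) for every successful installer request."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_install_hit(entry):
            hits.append((entry["ip"], entry["method"], entry["path"], entry["status"]))
    return hits


def hits_per_source(hits):
    """Count successful installer requests per client address."""
    return Counter(ip for ip, _method, _path, _status in hits)


# Constructed sample: one source reaches the installer and then POSTs to it (the
# pattern of a credential reset), others are blocked or hit a missing path.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Aug/2014:13:02:11 +0000] "GET /install/ HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Aug/2014:13:02:19 +0000] "POST /install/index.php?step=3 HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Aug/2014:13:05:40 +0000] "GET /index.php HTTP/1.1" 200 9301 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Aug/2014:13:06:02 +0000] "GET /install/ HTTP/1.1" 403 199 "-" "curl/7.35.0"',
    '192.0.2.9 - - [10/Aug/2014:13:07:55 +0000] "GET /setup.php HTTP/1.1" 404 209 "-" "python-requests/2.3"',
]

if __name__ == "__main__":
    hits = find_install_hits(SAMPLE_LOG)
    for ip, method, path, status in hits:
        print(f"{ip} {method} {path} -> {status}")
    print("per source:", dict(hits_per_source(hits)))
```

Run it over the real log with `find_install_hits(open("/var/log/apache2/access.log"))`; a POST following a GET from the same address is the sequence to escalate first, and a 200 for the installer on any host you believed fixed means the workaround is not in place.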
🔗 References
- http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95113