Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures







# Exploit Title: [SKYBOX Security – Multiple Information Disclosure]
# Date: [22-Jan-2014]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: []
# Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 
6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57]
# Tested on: [CentOS 6.4 kernel 2.6.32]
# CVE : [CVE-2014-2084]
A vulnerability has been found in some Skybox View Appliances’ Admin 
interfaces which would allow a potential malicious party to bypass 
the authentication mechanism and obtain read-only access to the 
appliance’s administrative menus. This would allow the malicious 
party to read system-related information such as interface names, IP 
addresses and the appliance status.
Skybox Security has a complete portfolio of security management 
tools that deliver the security intelligence needed to act fast to 
minimize risks and eliminate attack vectors.  Based on a powerful 
risk analytics platform that links data from vulnerability scanners, 
threat intelligence feeds, firewalls and other network infrastructure 
devices – Skybox gives you context to prioritize risks accurately and 
automatically, in minutes.  
It's possible to obtain useful information about the version and 
network configuration of Skybox appliances by bypassing the web UI 
authentication.
For the appliance system info open with a browser:
For the appliance network info open with a browser:
Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 
6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57
Please refer to the vendor security advisory: Security Advisory 2014-
Luigi Vezzoso 
skype:  luigivezzoso