1. Introduction
EyesOfNetwork HTTP API Detection identifies a RESTful API application used to interact with the EyesOfNetwork (EON) application suite on your network. The API is a potential information disclosure point and could allow attackers to gain access to sensitive data within the EON ecosystem. Affected systems are typically those running the EyesOfNetwork software.
2. Technical Explanation
EyesOfNetwork, a RESTful API application, has been detected on the remote host. Attackers can exploit this by attempting unauthorized access to the API endpoints to retrieve information or potentially manipulate data within the EON suite. The primary risk is remote exploitation of the API.
- Root cause: Presence of the EyesOfNetwork RESTful API application.
- Exploit mechanism: An attacker could send malicious requests to the API endpoints, attempting to bypass authentication or authorization checks.
- Scope: Systems running the EyesOfNetwork software are affected.
3. Detection and Assessment
To confirm whether a system is affected, check for the presence of the application and its associated files. A more thorough method is to review network traffic for API communication.
- Quick checks: Check running processes for “eonapi” or similar names.
- Scanning: Nessus plugin ID 16840, for example, can detect this vulnerability.
- Logs and evidence: Review application logs for unusual activity or access attempts.
ps -ef | grep eonapi
4. Solution / Remediation Steps
The following steps outline how to address the presence of the EyesOfNetwork HTTP API.
4.1 Preparation
- Ensure you have access to the system’s configuration files and the ability to restart services. The roll-back plan is to restore the backed-up configurations.
- A change window may be required depending on service criticality, with approval from IT management.
4.2 Implementation
- Step 1: Review the EyesOfNetwork documentation for recommended security practices and updates.
- Step 2: If the API is not required, uninstall the EyesOfNetwork software completely.
- Step 3: If the API is required, ensure it’s running on the latest version with all available security patches applied.
4.3 Config or Code Example
This vulnerability does not typically involve a specific configuration change but rather ensuring the software is up-to-date and securely configured.
Before
N/A - Vulnerability relates to application presence, not config.
After
Ensure EyesOfNetwork software is up-to-date and securely configured according to vendor documentation.
4.4 Security Practices Relevant to This Vulnerability
Several security practices can mitigate the risk associated with this vulnerability.
- Practice 1: Least privilege – restrict access to the API endpoints to only authorized users and systems.
- Practice 2: Patch cadence – regularly update the EyesOfNetwork software to address known vulnerabilities.
4.5 Automation (Optional)
Automation is not directly applicable for this vulnerability, as it relates to application presence and configuration.
N/A - No automation script available.
5. Verification / Validation
Confirm the fix by verifying the software version and checking for any unauthorized access attempts.
- Post-fix check: Verify the EyesOfNetwork software is running the latest version using the application’s UI or command line interface.
- Re-test: Re-run the initial detection methods (process checks, scanning) to confirm the vulnerability is no longer present.
- Smoke test: Ensure that any legitimate applications relying on the API continue to function as expected.
- Monitoring: Monitor application logs for unusual activity or access attempts.
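The process check from section 3 and the log-monitoring step above, as an added example that is not from the original page or the eonapi project. It assumes the API is served under the /eonapi/ URL prefix and that the web server writes Combined Log Format; the ps listing and log lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original page or the eonapi project): local
# checks behind the "process check" and "review logs for access attempts"
# steps. Assumptions: the API is served under the /eonapi/ URL prefix and
# the web server writes Combined Log Format; adjust both for your deployment.

# Exit 0 if a saved `ps -ef` listing ($1) contains an eonapi process.
# Checking a saved listing avoids matching the grep command itself.
eonapi_process_present() {
    grep -v 'grep' "$1" | grep -q 'eonapi'
}

# Print the number of requests under /eonapi/ that were answered 401 or
# 403, i.e. rejected API access attempts, in the access log $1.
count_rejected_api_requests() {
    awk '$7 ~ /^\/eonapi\// && ($9 == 401 || $9 == 403) { n++ }
         END { print n + 0 }' "$1"
}

# Print, one per line, the client IPs with more than $2 rejected API
# requests in log $1: a simple threshold for the monitoring step.
rejected_api_clients_over() {
    awk -v limit="$2" \
        '$7 ~ /^\/eonapi\// && ($9 == 401 || $9 == 403) { c[$1]++ }
         END { for (ip in c) if (c[ip] > limit) print ip }' "$1" | sort
}

# Constructed sample input (not real EON output) so the block runs offline:
# $1 receives a ps listing, $2 an access log.
write_sample_files() {
    cat > "$1" <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 10:00 ?        00:00:01 /sbin/init
apache    2044  1890  0 10:05 ?        00:00:00 /usr/bin/php /var/www/eonapi/index.php
EOF
    cat > "$2" <<'EOF'
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /eonapi/sampleCall HTTP/1.1" 401 12 "-" "curl/8.0"
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /eonapi/sampleCall HTTP/1.1" 403 12 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /eonapi/sampleCall HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php HTTP/1.1" 403 12 "-" "Mozilla/5.0"
EOF
}
# Live use: ps -ef > /tmp/ps.txt; eonapi_process_present /tmp/ps.txt
#           count_rejected_api_requests <your web server access log>
```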
ps -ef | grep eonapi
6. Preventive Measures and Monitoring
Implement preventive measures such as regular security assessments and monitoring of network traffic.
- Baselines: Update your security baseline to include EyesOfNetwork software version requirements.
- Pipelines: Integrate vulnerability scanning into your CI/CD pipeline to identify potential issues early on.
- Asset and patch process: Establish a regular patch review cycle for all installed software, including EyesOfNetwork.
7. Risks, Side Effects, and Roll Back
Potential risks include service disruption during updates or uninstallation. The roll-back plan is to restore the backed-up configurations.
- Risk or side effect 1: Service interruption if the update fails. Mitigation: Test updates in a non-production environment first.
- Roll back: Restore the backed-up configurations and restart related services.
8. References and Resources
Refer to official EyesOfNetwork documentation for more information.
- Vendor advisory or bulletin: https://www.eyesofnetwork.com/en
- NVD or CVE entry: N/A – No specific CVE currently associated with this detection.
- Product or platform documentation relevant to the fix: https://github.com/EyesOfNetworkCommunity/eonapi