VU#748485: Unauthenticated con... Note

VU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting Component

A security flaw exists in the DRC INSIGHT software's configuration management endpoint. Unauthenticated users on the same network can modify the server's configuration file. This vulnerability, tracked as CVE-2026-5756, allows for potential data exfiltration, traffic redirection, or service disruption. The Central Office Services component of DRC INSIGHT, used to distribute testing content, exposes an administrative endpoint without proper authentication. Any device with network access can submit requests to this endpoint. Attackers could exploit this to redirect student data, such as test responses or audio recordings, to malicious external services. They might also intercept HTTPS traffic by inserting a malicious proxy setting. Malformed configuration changes could lead to service disruption, preventing the server from starting or interfering with active assessments. No patch is currently available from the vendor. Organizations should restrict network access to the COS server, placing it on an isolated network segment. Firewalls should limit access to the configuration endpoint, ideally to localhost or authorized administrative IPs. Outbound traffic should be restricted to approved destinations and monitored for suspicious activity. Administrators should enable logging and monitoring for requests to the configuration endpoint and unusual traffic patterns.