Executive Summary

CVE-2025-34156 is a vulnerability in Tibbo AggreGate Network Manager versions prior to 6.40.05 where an unauthenticated endpoint (/cwmp/happyaxis.jsp) exposes sensitive system information such as Java system properties, server path details, and version information. This information disclosure can be accessed by unauthorized users and may help attackers gain critical system details to facilitate further attacks. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by exposing sensitive system information to unauthorized users without requiring any authentication. Attackers can use this information to better understand the system environment, which could aid in planning and executing further attacks, potentially leading to system compromise or disruption of the network management services. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the unauthenticated endpoint /cwmp/happyaxis.jsp on the Tibbo AggreGate Network Manager server. If the endpoint is accessible and returns Java system properties, server path details, or version information without authentication, the system is vulnerable. A simple command to check this is using curl or wget to fetch the page, for example: curl http://<server-ip>/cwmp/happyaxis.jsp or wget -qO- http://<server-ip>/cwmp/happyaxis.jsp. If sensitive information is returned, the vulnerability is present. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading Tibbo AggreGate Network Manager to version 6.40.05 or later, where the vulnerability is fixed. Until the upgrade can be applied, restrict access to the /cwmp/happyaxis.jsp endpoint by implementing network-level controls such as firewall rules or access control lists to block unauthorized access. Additionally, monitor access logs for any attempts to reach this endpoint and consider disabling or restricting the affected service if possible. [1]

Useful 0 Not Useful 0