2021-03-27 21:22:33 +00:00
|
|
|
id: CVE-2017-17562
|
|
|
|
|
|
|
|
info:
|
2022-06-19 15:17:21 +00:00
|
|
|
name: Embedthis GoAhead <3.6.5 - Remote Code Execution
|
2021-03-27 21:22:33 +00:00
|
|
|
author: geeknik
|
2022-04-22 10:38:41 +00:00
|
|
|
severity: high
|
2022-06-20 16:08:41 +00:00
|
|
|
description: |
|
|
|
|
description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
|
2023-09-06 13:22:34 +00:00
|
|
|
remediation: |
|
|
|
|
Upgrade to Embedthis GoAhead version 3.6.5 or later to mitigate this vulnerability.
|
2021-08-18 11:37:49 +00:00
|
|
|
reference:
|
2021-03-27 21:22:33 +00:00
|
|
|
- https://www.elttam.com/blog/goahead/
|
|
|
|
- https://github.com/ivanitlearning/CVE-2017-17562
|
2021-04-01 07:58:30 +00:00
|
|
|
- https://github.com/vulhub/vulhub/tree/master/goahead/CVE-2017-17562
|
2022-05-17 09:18:12 +00:00
|
|
|
- https://github.com/embedthis/goahead/issues/249
|
2022-06-19 15:17:21 +00:00
|
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2017-17562
|
2021-09-10 11:26:40 +00:00
|
|
|
classification:
|
|
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
2022-04-22 10:38:41 +00:00
|
|
|
cvss-score: 8.1
|
2021-09-10 11:26:40 +00:00
|
|
|
cve-id: CVE-2017-17562
|
|
|
|
cwe-id: CWE-20
|
2023-10-22 12:16:24 +00:00
|
|
|
epss-score: 0.97454
|
2023-10-26 18:00:24 +00:00
|
|
|
epss-percentile: 0.99943
|
2023-09-06 13:22:34 +00:00
|
|
|
cpe: cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:*
|
2023-04-28 08:11:21 +00:00
|
|
|
metadata:
|
|
|
|
max-request: 65
|
2023-07-11 19:49:27 +00:00
|
|
|
vendor: embedthis
|
|
|
|
product: goahead
|
|
|
|
tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub
|
2021-03-27 21:22:33 +00:00
|
|
|
|
2023-04-27 04:28:59 +00:00
|
|
|
http:
|
2021-08-22 18:09:33 +00:00
|
|
|
- raw:
|
|
|
|
- |
|
2021-09-08 12:17:19 +00:00
|
|
|
GET /cgi-bin/{{endpoint}}?LD_DEBUG=help HTTP/1.1
|
2021-08-22 18:09:33 +00:00
|
|
|
Host: {{Hostname}}
|
|
|
|
Accept: */*
|
|
|
|
|
|
|
|
payloads:
|
2021-03-27 21:22:33 +00:00
|
|
|
endpoint:
|
|
|
|
- admin
|
|
|
|
- apply
|
|
|
|
- non-CA-rev
|
|
|
|
- cgitest
|
|
|
|
- checkCookie
|
|
|
|
- check_user
|
|
|
|
- chn/liveView
|
|
|
|
- cht/liveView
|
|
|
|
- cnswebserver
|
|
|
|
- config
|
|
|
|
- configure/set_link_neg
|
|
|
|
- configure/swports_adjust
|
|
|
|
- eng/liveView
|
|
|
|
- firmware
|
|
|
|
- getCheckCode
|
|
|
|
- get_status
|
|
|
|
- getmac
|
|
|
|
- getparam
|
|
|
|
- guest/Login
|
|
|
|
- home
|
|
|
|
- htmlmgr
|
|
|
|
- index
|
|
|
|
- index/login
|
|
|
|
- jscript
|
|
|
|
- kvm
|
|
|
|
- liveView
|
|
|
|
- login
|
|
|
|
- login.asp
|
|
|
|
- login/login
|
|
|
|
- login/login-page
|
|
|
|
- login_mgr
|
|
|
|
- luci
|
|
|
|
- main
|
|
|
|
- main-cgi
|
|
|
|
- manage/login
|
|
|
|
- menu
|
|
|
|
- mlogin
|
|
|
|
- netbinary
|
|
|
|
- nobody/Captcha
|
|
|
|
- nobody/VerifyCode
|
|
|
|
- normal_userLogin
|
|
|
|
- otgw
|
|
|
|
- page
|
|
|
|
- rulectl
|
|
|
|
- service
|
|
|
|
- set_new_config
|
|
|
|
- sl_webviewer
|
|
|
|
- ssi
|
|
|
|
- status
|
|
|
|
- sysconf
|
|
|
|
- systemutil
|
|
|
|
- t/out
|
|
|
|
- top
|
|
|
|
- unauth
|
|
|
|
- upload
|
|
|
|
- variable
|
|
|
|
- wanstatu
|
|
|
|
- webcm
|
|
|
|
- webmain
|
|
|
|
- webproc
|
|
|
|
- webscr
|
|
|
|
- webviewLogin
|
|
|
|
- webviewLogin_m64
|
|
|
|
- webviewer
|
|
|
|
- welcome
|
2021-09-02 11:59:10 +00:00
|
|
|
stop-at-first-match: true
|
2023-07-11 19:49:27 +00:00
|
|
|
|
2021-03-27 21:22:33 +00:00
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
2021-03-29 20:04:26 +00:00
|
|
|
- "environment variable"
|
2022-06-19 15:17:21 +00:00
|
|
|
- "display library search paths"
|
2022-06-20 16:08:41 +00:00
|
|
|
condition: and
|
2022-06-19 15:17:21 +00:00
|
|
|
|
2022-06-20 16:08:41 +00:00
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
2023-10-27 06:32:23 +00:00
|
|
|
# digest: 4a0a00473045022100c1c7e77da180146a9b09d054620d96295a00dfb3567af494577a8bc706ff302c02204f7774e1b13a5353ce18cbdbc28fdf6e31211500e105ef26b6d253ea6e3aae35:922c64590222798bb761d5b6d8e72950
|