From bdb372cfb4d1d374f6c413b6c3237e9cd51fdb86 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Mon, 23 May 2022 17:29:29 -0400
Subject: [PATCH 1/2] Dashboard Content Enhancements (#4475) Dashboard Content Enhancements
---
 exposed-panels/circarlife-setup.yaml | 10 ++++++++--
 misconfiguration/unauthorized-plastic-scm.yaml | 9 ++++++++-
 network/ftp-weak-credentials.yaml | 12 ++++++++++--
 network/vsftpd-detection.yaml | 11 ++++++++++-
 vulnerabilities/apache/apache-flink-unauth-rce.yaml | 12 ++++++++++--
 5 files changed, 46 insertions(+), 8 deletions(-)
diff --git a/exposed-panels/circarlife-setup.yaml b/exposed-panels/circarlife-setup.yaml
index 7f06746f27..95c35c7395 100644
--- a/exposed-panels/circarlife-setup.yaml
+++ b/exposed-panels/circarlife-setup.yaml
@@ -1,12 +1,16 @@
 id: circarlife-setup
 info:
- name: Exposed CirCarLife Setup Page
+ name: CirCarLife - Admin Panel Access
 author: geeknik
 severity: critical
- description: CirCarLife is an internet-connected electric vehicle charging station
+ description: A CirCarLife admin panel was accessed. CirCarLife is an internet-connected electric vehicle charging station
 reference:
 - https://circontrol.com/
+ classification:
+ cvss-metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.0
+ cwe-id: CWE-288
 tags: scada,circontrol,circarlife,setup,exposure,panel
 requests:
@@ -29,3 +33,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/05/23
diff --git a/misconfiguration/unauthorized-plastic-scm.yaml b/misconfiguration/unauthorized-plastic-scm.yaml
index 9a5dc4dc7a..7431f84fe0 100644
--- a/misconfiguration/unauthorized-plastic-scm.yaml
+++ b/misconfiguration/unauthorized-plastic-scm.yaml
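Review bot: The `cvss-metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` line added under `classification` in circarlife-setup.yaml lacks the `CVSS:3.0/` prefix, so it is not a well-formed vector string and anything that parses the field may reject it or group it wrongly. The same bare form is added in unauthorized-plastic-scm.yaml, and ftp-weak-credentials.yaml uses a third spelling, `3.0/AV:N/...`, while the vsftpd and Flink hunks in this commit write the full `CVSS:3.0/...`. Use one form throughout, e.g. `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` (version assumed from the other templates in this commit).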
@@ -1,11 +1,16 @@
 id: unauthorized-plastic-scm
 info:
- name: Unauthorized Access to Plastic Admin Console
+ name: Plastic Admin Console - Authentication Bypass
 author: DEENA
 severity: critical
+ description: A Plastic Admin console was discovered.
 reference:
 - https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468
+ classification:
+ cvss-metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.0
+ cwe-id: CWE-288
 tags: plastic
 requests:
@@ -48,3 +53,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/05/23
diff --git a/network/ftp-weak-credentials.yaml b/network/ftp-weak-credentials.yaml
index a3c092e56a..b93671d3bb 100644
--- a/network/ftp-weak-credentials.yaml
+++ b/network/ftp-weak-credentials.yaml
@@ -1,9 +1,15 @@
 id: ftp-weak-credentials
 info:
- name: FTP Service with weak credentials
+ name: FTP Service - Credential Weakness
 author: pussycat0x
- severity: critical
+ severity: high
+ description: An FTP service was accessed with easily guessed credentials.
+ reference:
+ - https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/ftpserver/security/authentication/
+ classification:
+ cvss-score: 8.5
+ cvss-metrics: 3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
 tags: network,ftp,default-login,service
 network:
@@ -33,3 +39,5 @@ network:
 - type: word
 words:
 - "230 Login successful"
+
+# Enhanced by mp on 2022/05/23
diff --git a/network/vsftpd-detection.yaml b/network/vsftpd-detection.yaml
index 79f93defe0..a68bd2922d 100644
--- a/network/vsftpd-detection.yaml
+++ b/network/vsftpd-detection.yaml
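Review bot: The added `description: A Plastic Admin console was discovered.` in unauthorized-plastic-scm.yaml does not support the finding the rest of the `info` block claims. The new name says "Authentication Bypass" and the classification is CWE-288 at 10.0, yet the description reports only that a console exists, so someone triaging the result cannot tell whether unauthenticated admin access was confirmed. State what the template verifies, along the lines of `description: The Plastic SCM admin console is reachable without authentication.`, if that is what the request and matcher section outside this hunk checks.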
@@ -1,11 +1,18 @@
 id: vsftpd-detection
 info:
- name: VSFTPD v2.3.4 Backdoor Command Execution
+ name: VSFTPD 2.3.4 - Backdoor Command Execution
 author: pussycat0x
 severity: critical
+ description: VSFTPD 2.3.4 contains a backdoor command execution vulnerability.
 reference:
 - https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.0
+ cve-id:
+ cwe-id: CWE-78
+ remediation: This backdoor was removed on July 3rd, 2011.
 tags: network,vsftpd,ftp,backdoor
 network:
@@ -20,3 +27,5 @@ network:
 - type: word
 words:
 - "vsFTPd 2.3.4"
+
+# Enhanced by mp on 2022/05/23
diff --git a/vulnerabilities/apache/apache-flink-unauth-rce.yaml b/vulnerabilities/apache/apache-flink-unauth-rce.yaml
index 1d02291740..782eea435d 100644
--- a/vulnerabilities/apache/apache-flink-unauth-rce.yaml
+++ b/vulnerabilities/apache/apache-flink-unauth-rce.yaml
@@ -1,13 +1,19 @@
 id: apache-flink-unauth-rce
 info:
- name: Apache Flink Unauth RCE
+ name: Apache Flink - Remote Code Execution
 author: pikpikcu
 severity: critical
- reference:
+ description: Apache Flink
+ reference: Apache Flink contains an unauthenticated remote code execution vulnerability.
 - https://www.exploit-db.com/exploits/48978
 - https://adamc95.medium.com/apache-flink-1-9-x-part-1-set-up-5d85fd2770f3
 - https://github.com/LandGrey/flink-unauth-rce
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+ cvss-score: 10.0
+ cve-id:
+ cwe-id: CWE-77
 tags: apache,flink,rce,intrusive,unauth
 requests:
@@ -40,3 +46,5 @@ requests:
 - type: status
 status:
 - 200
+
+# Enhanced by mp on 2022/05/23
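Review bot: The new description in vsftpd-detection.yaml states as fact that the target "contains a backdoor command execution vulnerability" at critical/10.0, but the only matcher visible in this file's second hunk is the banner word `vsFTPd 2.3.4`, which identifies a version and does not confirm that the backdoored build is running. Word the description to match the evidence, e.g. `description: The FTP banner reports vsFTPd 2.3.4, a release that was distributed with a backdoor; verify the installed build.` The `remediation` line says when the backdoor was removed but not what the operator should do; something like `remediation: Replace the package with a verified vsftpd build from a trusted source.` is actionable. The added `cve-id:` is empty and loads as null, so fill it in or drop the key.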
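Review bot: The description text in apache-flink-unauth-rce.yaml has landed on the `reference:` key: the hunk adds `description: Apache Flink` and `reference: Apache Flink contains an unauthenticated remote code execution vulnerability.`, leaving the three URL entries under a key that already holds a scalar. Depending on the loader this either fails to parse or folds the URLs into one string, so the reference list is lost and the description is truncated. The two lines should read `description: Apache Flink contains an unauthenticated remote code execution vulnerability.` and `reference:`. The added `cve-id:` is empty and loads as null; fill it in or remove the key.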