daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2019/CVE-2019-12990.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 14:06:25 -04:00
parent 99bc840ecc
commit 4ef846aa1d
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2019/CVE-2019-12990.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2019-12990
info:
name: Citrix SD-WAN Center - Unauthenticated Directory Traversal File Write
name: Citrix SD-WAN Center - Local File Inclusion
author: gy741
severity: critical
description: |
The applianceSettingsFileTransfer action in ApplianceSettingsController is susceptible to directory traversal by a remote, unauthenticated attacker. Specifically, the applianceSettingsFileTransfer function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted values for filename, filedata, and workspace_id. This vulnerability can be exploited to write files to locations writable by the www-data user. Furthermore, an attacker could write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this vulnerability by routing traffic through the Collector controller and supplying a crafted value for filename, filedata, and workspace_id, therefore being able to write files to locations writable by the www-data user and/or to write a crafted PHP file to /home/talariuser/www/app/webroot/files/ to execute arbitrary PHP code.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12990
- https://www.tenable.com/security/research/tra-2019-31
- https://support.citrix.com/search?searchQuery=*&lang=en&sort=relevance&prod=&pver=&ct=Security+Bulletin
- https://nvd.nist.gov/vuln/detail/CVE-2019-12990
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -44,3 +44,5 @@ requests:
- 'status_code_3 == 200'
- 'contains(body_1, "<title>Citrix SD-WAN</title>")'
condition: and
# Enhanced by md on 2023/04/12