unauthorized Puppet Node Manager (#3388)

* Add files via upload * Update unauthorized-puppet-node-manager-detect.yaml * Add files via upload * Add files via upload * Update CVE-2021-40859.yaml * misc updates * minor updates Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-12-22 12:16:05 +05:30 · 2021-12-22 12:16:05 +05:30 · 8a77db7919
parent a511dac237
commit 8a77db7919
3 changed files with 84 additions and 0 deletions
--- a/cves/2021/CVE-2021-40859.yaml
+++ b/cves/2021/CVE-2021-40859.yaml
@ -0,0 +1,36 @@
+id: CVE-2021-40859
+
+info:
+  name: CVE-2021-40859
+  author: pussycat0x
+  severity: critical
+  description: unauthenticated endpoint ("https://192.168.1[.]2/about_state"), enabling the bad actor to gain access to a web interface that allows for resetting the administrator password.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-40859
+    - https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html
+  metadata:
+    fofa-dork: '"auerswald"'
+  tags: cve,cve2021,iot,unauth,voip
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/about_state"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"pbx"'
+          - '"dongleStatus":0'
+          - '"macaddr"'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200
--- a/misconfiguration/unauthorized-puppet-node-manager-detect.yaml
+++ b/misconfiguration/unauthorized-puppet-node-manager-detect.yaml
@ -0,0 +1,24 @@
+id: unauthorized-puppet-node-manager
+
+info:
+  name: Pupet Node Manager
+  author: pussycat0x
+  severity: medium
+  metadata:
+    fofa-dork: 'app="puppet-Node-Manager"'
+  tags: node,misconfig
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<a href="/nodes">Nodes</a>'
+
+      - type: status
+        status:
+          - 200
--- a/technologies/puppet-node-manager-detect.yaml
+++ b/technologies/puppet-node-manager-detect.yaml
@ -0,0 +1,24 @@
+id: puppet-node-manager-detect
+
+info:
+  name: Puppet Node Manager
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="puppet-Node-Manager"'
+  tags: node,tech
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Puppet Node Manager</title>'
+
+      - type: status
+        status:
+          - 200