🔥 Add CVE-2020-9047
Dwi Siswanto
parent
ffedf2c3fb
commit
d7fa08cb67
|
|
@ -0,0 +1,58 @@
|
|||
id: cve-2020-9047
|
||||
|
||||
info:
|
||||
name: exacqVision Web Service RCE
|
||||
author: dwisiswant0
|
||||
severity: high
|
||||
description: |
|
||||
This template supports the detection part only. See references.
|
||||
|
||||
A vulnerability exists that could allow the execution of
|
||||
unauthorized code or operating system commands on systems
|
||||
running exacqVision Web Service versions 20.06.3.0 and prior
|
||||
and exacqVision Enterprise Manager versions 20.06.4.0 and prior.
|
||||
|
||||
An attacker with administrative privileges could potentially
|
||||
download and run a malicious executable that
|
||||
could allow OS command injection on the system.
|
||||
|
||||
Source/References:
|
||||
- https://github.com/norrismw/CVE-2020-9047
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/version.web"
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "3.10.4.72058"
|
||||
- "3.12.4.76544"
|
||||
- "3.8.2.67295"
|
||||
- "7.0.2.81005"
|
||||
- "7.2.7.86974"
|
||||
- "7.4.3.89785"
|
||||
- "7.6.4.94391"
|
||||
- "7.8.2.97826"
|
||||
- "8.0.6.105408"
|
||||
- "8.2.2.107285"
|
||||
- "8.4.3.111614"
|
||||
- "8.6.3.116175"
|
||||
- "8.8.1.118913"
|
||||
- "9.0.3.124620"
|
||||
- "9.2.0.127940"
|
||||
- "9.4.3.137684"
|
||||
- "9.6.7.145949"
|
||||
- "9.8.4.149166"
|
||||
- "19.03.3.152166"
|
||||
- "19.06.4.157118"
|
||||
- "19.09.4.0"
|
||||
- "19.12.2.0"
|
||||
- "20.03.2.0"
|
||||
- "20.06.3.0"
|
||||
condition: or
|
||||
part: body
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
Loading…
Reference in New Issue