id: cve-2020-9047

info:
  name: exacqVision Web Service RCE
  author: dwisiswant0
  severity: high
  description: |
    This template supports the detection part only. See references.

    A vulnerability exists that could allow the execution of
    unauthorized code or operating system commands on systems
    running exacqVision Web Service versions 20.06.3.0 and prior
    and exacqVision Enterprise Manager versions 20.06.4.0 and prior.

    An attacker with administrative privileges could potentially
    download and run a malicious executable that
    could allow OS command injection on the system.

    Source/References:
    - https://github.com/norrismw/CVE-2020-9047

requests:
  - method: GET
    path:
      - "{{BaseURL}}/version.web"
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "3.10.4.72058"
          - "3.12.4.76544"
          - "3.8.2.67295"
          - "7.0.2.81005"
          - "7.2.7.86974"
          - "7.4.3.89785"
          - "7.6.4.94391"
          - "7.8.2.97826"
          - "8.0.6.105408"
          - "8.2.2.107285"
          - "8.4.3.111614"
          - "8.6.3.116175"
          - "8.8.1.118913"
          - "9.0.3.124620"
          - "9.2.0.127940"
          - "9.4.3.137684"
          - "9.6.7.145949"
          - "9.8.4.149166"
          - "19.03.3.152166"
          - "19.06.4.157118"
          - "19.09.4.0"
          - "19.12.2.0"
          - "20.03.2.0"
          - "20.06.3.0"
        condition: or
        part: body
      - type: status
        status:
          - 200