Main Vulnerability Database Exploits ID:8892 - Exploit for OS Command Injection in Okta Access Gateway - CVE-2021-28113

ID:8892 - Exploit for OS Command Injection in Okta Access Gateway - CVE-2021-28113

Published: March 8, 2023

Vulnerability identifier: #VU73178

Vulnerability risk: Low

CVE-ID: CVE-2021-28113

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
Okta Access Gateway

Link to public exploit:

https://packetstormsecurity.com/files/download/163428/okta-gateway-rce.txt

Vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the cookieDomain and relayDomain parameters in the "/api/v1/app/idp/" API endpoint. A remote privileged user can send a specially crafted HTTP POST request to the server and execute arbitrary OS commands on the target system.

Remediation

Install updates from vendor's website.

ID:8892 - Exploit for OS Command Injection in Okta Access Gateway - CVE-2021-28113

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human