OS Command Injection in Zeroshell - CVE-2019-12725
Published: July 23, 2019 / Updated: September 22, 2021
Vulnerability identifier: #VU19316
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red
CVE-ID: CVE-2019-12725
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: ZeroShell
Affected software:
Zeroshell
Zeroshell
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to the some parameters inside a script are used without a properly sanitization. A remote unauthenticated attacker can inject OS commands inside the vulnerable parameters and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Example of vulnerable parameters:
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509view&User=Admin&x509type='%0Auname -a%0A'
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0A/etc/sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=id%0A'
How to mitigate CVE-2019-12725
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.