#VU19316 OS Command Injection in Zeroshell - CVE-2019-12725
Published: July 23, 2019 / Updated: September 22, 2021
Vulnerability identifier: #VU19316
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red
CVE-ID: CVE-2019-12725
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Zeroshell
Zeroshell
Software vendor:
ZeroShell
ZeroShell
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to the some parameters inside a script are used without a properly sanitization. A remote unauthenticated attacker can inject OS commands inside the vulnerable parameters and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Example of vulnerable parameters:
/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509view&User=Admin&x509type='%0Auname -a%0A'
/cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0A/etc/sudo tar -cf /dev/null /dev/null --checkpoint=1 --checkpoint-action=exec=id%0A'
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.