VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability

Document Title:

===============

VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability

 

 

References (Source):

====================

https://www.securifera.com/advisories/cve-2021-27198/

https://myconnectionserver.visualware.com/download.html

 

Release Date:

=============

2020-02-25

 

Product & Service Introduction:

===============================

MCS tests, measures & reports the performance and health of any network
connection, LAN or WAN. MCS is an access everywhere web based enterprise
solution.

 

 

Vulnerability Information:

==============================

Class: CWE-434: Unrestricted Upload of File with Dangerous Type

Impact: Remote Code Execution

Remotely Exploitable: Yes

Locally Exploitable: Yes

CVE Name: CVE-2021-27198

 

Vulnerability Description:

==============================

An unauthenticated remote code execution vulnerability was discovered in
Visualware MyConnection Server 11.0 through 11.0b build 5382. The web
endpoint at "https://example.com/myspeed/sf" provides an unauthenticated
user the ability to upload an arbitrary file to an arbitrary location via a
specially crafted POST request. This application is written in Java and is
thus cross-platform. The Windows installation executes the web server as
SYSTEM which means that exploitation provides Administrator privileges on
the target system.

 

Vulnerability Disclosure Timeline:

==================================

2021-01-11: Contacted VisualWare About Issue via Website Contact Form

2021-02-03: Emailed Multiple VisualWare POCs Requesting Disclosure
Assistance

2021-02-11: Requested CVE from MITRE for vulnerability

2021-02-12: Messaged Lead VisualWare Developer on LinkedIn After Seeing They
Had Looked At My Profile. I assume because of my attempts to contact them

2021-02-18: Notified VisualWare About Issue Again via Website Contact Form
And Notified Them I Would be Disclosing if they did not respond

2021-02-25: Publicly releasing vulnerability because company refuses to
respond to any attempts to coordinate disclsoure

 

 

Affected Product(s):

====================

VisualWare MyConnection Server 11.0 through 11.0b build 5382

 

Severity Level:

===============

High

 

Proof of Concept (PoC):

=======================

A proof of concept will not be provided at this time.

 

Solution - Fix & Patch:

=======================

None

 

Security Risk:

==============

The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)

 

Credits & Authors:

==================

Securifera, Inc - b0yd (@rwincey)