VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability

2021-02-26T00:00:00

Description

{"id": "1337DAY-ID-35876", "vendorId": null, "type": "zdt", "bulletinFamily": "exploit", "title": "VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability", "description": "", "published": "2021-02-26T00:00:00", "modified": "2021-02-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://0day.today/exploit/description/35876", "reporter": "Ryan Wincey", "references": [], "cvelist": ["CVE-2021-27198"], "immutableFields": [], "lastseen": "2021-12-23T07:22:27", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27198"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:161571"]}], "rev": 4}, "score": {"value": 7.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-27198"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:161571"]}, {"type": "threatpost", "idList": ["THREATPOST:5D5241707AB76ED799696E37D048872A", "THREATPOST:7876640D5EC3E8FE3FE885606BBB1C6D"]}]}, "exploitation": null, "vulnersScore": 7.4}, "sourceHref": "https://0day.today/exploit/35876", "sourceData": "Document Title:\n\n===============\n\nVisualWare MyConnection Server 11.x Remote Code Execution Vulnerability\n\n \n\n \n\nReferences (Source):\n\n====================\n\nhttps://www.securifera.com/advisories/cve-2021-27198/\n\nhttps://myconnectionserver.visualware.com/download.html\n\n \n\nRelease Date:\n\n=============\n\n2020-02-25\n\n \n\nProduct & Service Introduction:\n\n===============================\n\nMCS tests, measures & reports the performance and health of any network\nconnection, LAN or WAN. MCS is an access everywhere web based enterprise\nsolution.\n\n \n\n \n\nVulnerability Information:\n\n==============================\n\nClass: CWE-434: Unrestricted Upload of File with Dangerous Type\n\nImpact: Remote Code Execution\n\nRemotely Exploitable: Yes\n\nLocally Exploitable: Yes\n\nCVE Name: CVE-2021-27198\n\n \n\nVulnerability Description:\n\n==============================\n\nAn unauthenticated remote code execution vulnerability was discovered in\nVisualware MyConnection Server 11.0 through 11.0b build 5382. The web\nendpoint at \"https://example.com/myspeed/sf\" provides an unauthenticated\nuser the ability to upload an arbitrary file to an arbitrary location via a\nspecially crafted POST request. This application is written in Java and is\nthus cross-platform. The Windows installation executes the web server as\nSYSTEM which means that exploitation provides Administrator privileges on\nthe target system.\n\n \n\nVulnerability Disclosure Timeline:\n\n==================================\n\n2021-01-11: Contacted VisualWare About Issue via Website Contact Form\n\n2021-02-03: Emailed Multiple VisualWare POCs Requesting Disclosure\nAssistance\n\n2021-02-11: Requested CVE from MITRE for vulnerability\n\n2021-02-12: Messaged Lead VisualWare Developer on LinkedIn After Seeing They\nHad Looked At My Profile. I assume because of my attempts to contact them\n\n2021-02-18: Notified VisualWare About Issue Again via Website Contact Form\nAnd Notified Them I Would be Disclosing if they did not respond\n\n2021-02-25: Publicly releasing vulnerability because company refuses to\nrespond to any attempts to coordinate disclsoure\n\n \n\n \n\nAffected Product(s):\n\n====================\n\nVisualWare MyConnection Server 11.0 through 11.0b build 5382\n\n \n\nSeverity Level:\n\n===============\n\nHigh\n\n \n\nProof of Concept (PoC):\n\n=======================\n\nA proof of concept will not be provided at this time.\n\n \n\nSolution - Fix & Patch:\n\n=======================\n\nNone\n\n \n\nSecurity Risk:\n\n==============\n\nThe security risk of this remote code execution vulnerability is estimated\nas high. (CVSS 10.0)\n\n \n\nCredits & Authors:\n\n==================\n\nSecurifera, Inc - b0yd (@rwincey)\n", "category": "remote exploits", "verified": true, "_state": {"dependencies": 1647589307, "score": 0}}

{"cve": [{"lastseen": "2022-03-23T15:58:59", "description": "An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-26T23:15:00", "type": "cve", "title": "CVE-2021-27198", "cwe": ["CWE-434"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27198"], "modified": "2021-09-14T16:39:00", "cpe": [], "id": "CVE-2021-27198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27198", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "packetstorm": [{"lastseen": "2021-02-26T16:39:39", "description": "", "cvss3": {}, "published": "2021-02-26T00:00:00", "type": "packetstorm", "title": "VisualWare MyConnection Server 11.x Remote Code Execution", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-27198"], "modified": "2021-02-26T00:00:00", "id": "PACKETSTORM:161571", "href": "https://packetstormsecurity.com/files/161571/VisualWare-MyConnection-Server-11.x-Remote-Code-Execution.html", "sourceData": "`Document Title: \n \n=============== \n \nVisualWare MyConnection Server 11.x Remote Code Execution Vulnerability \n \n \n \n \n \nReferences (Source): \n \n==================== \n \nhttps://www.securifera.com/advisories/cve-2021-27198/ \n \nhttps://myconnectionserver.visualware.com/download.html \n \n \n \nRelease Date: \n \n============= \n \n2020-02-25 \n \n \n \nProduct & Service Introduction: \n \n=============================== \n \nMCS tests, measures & reports the performance and health of any network \nconnection, LAN or WAN. MCS is an access everywhere web based enterprise \nsolution. \n \n \n \n \n \nVulnerability Information: \n \n============================== \n \nClass: CWE-434: Unrestricted Upload of File with Dangerous Type \n \nImpact: Remote Code Execution \n \nRemotely Exploitable: Yes \n \nLocally Exploitable: Yes \n \nCVE Name: CVE-2021-27198 \n \n \n \nVulnerability Description: \n \n============================== \n \nAn unauthenticated remote code execution vulnerability was discovered in \nVisualware MyConnection Server 11.0 through 11.0b build 5382. The web \nendpoint at \"https://example.com/myspeed/sf\" provides an unauthenticated \nuser the ability to upload an arbitrary file to an arbitrary location via a \nspecially crafted POST request. This application is written in Java and is \nthus cross-platform. The Windows installation executes the web server as \nSYSTEM which means that exploitation provides Administrator privileges on \nthe target system. \n \n \n \nVulnerability Disclosure Timeline: \n \n================================== \n \n2021-01-11: Contacted VisualWare About Issue via Website Contact Form \n \n2021-02-03: Emailed Multiple VisualWare POCs Requesting Disclosure \nAssistance \n \n2021-02-11: Requested CVE from MITRE for vulnerability \n \n2021-02-12: Messaged Lead VisualWare Developer on LinkedIn After Seeing They \nHad Looked At My Profile. I assume because of my attempts to contact them \n \n2021-02-18: Notified VisualWare About Issue Again via Website Contact Form \nAnd Notified Them I Would be Disclosing if they did not respond \n \n2021-02-25: Publicly releasing vulnerability because company refuses to \nrespond to any attempts to coordinate disclsoure \n \n \n \n \n \nAffected Product(s): \n \n==================== \n \nVisualWare MyConnection Server 11.0 through 11.0b build 5382 \n \n \n \nSeverity Level: \n \n=============== \n \nHigh \n \n \n \nProof of Concept (PoC): \n \n======================= \n \nA proof of concept will not be provided at this time. \n \n \n \nSolution - Fix & Patch: \n \n======================= \n \nNone \n \n \n \nSecurity Risk: \n \n============== \n \nThe security risk of this remote code execution vulnerability is estimated \nas high. (CVSS 10.0) \n \n \n \nCredits & Authors: \n \n================== \n \nSecurifera, Inc - b0yd (@rwincey) \n \n \n \nDisclaimer & Information: \n \n========================= \n \nThe information provided in this advisory is provided as it is without any \nwarranty. Securifera disclaims all \n \nwarranties, either expressed or implied, \n \nincluding the warranties of merchantability and capability for a particular \npurpose. Securifera is not liable in any \n \ncase of damage, \n \nincluding direct, indirect, incidental, consequential loss of business \nprofits or special damages, even if Securifera \n \nor its suppliers have been advised \n \nof the possibility of such damages. Some states do not allow the exclusion \nor limitation of liability for consequential \n \nor incidental damages so the foregoing \n \nlimitation may not apply. We do not approve or encourage anybody to break \nany licenses, policies, or hack into any \n \nsystems. \n \n \n \nDomains: www.securifera.com \n \nContact: contact [at] securifera [dot] com \n \nSocial: twitter.com/securifera \n \n \n \nCopyright C 2021 | Securifera, Inc \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/161571/visualwaremyconn11-exec.txt", "cvss": {"score": 0.0, "vector": "NONE"}}]}

VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability

Description

Related