CVE-2023-28130 – Hostname injection leads to Remote Code Execution RCE (Authenticated)

渗透技巧 10个月前 admin
276 0 0
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE Reference: CVE-2023-28130
CVSS Severity: High
Impact score: 8.4
Credit: Rick Verdoes & Danny de Weille (Hackify |

Check Point Gaia Portal is an advanced web-based interface designed for the configuration of the Gaia platform, a 
security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. The Gaia 
Portal allows for nearly all system configuration tasks to be performed through this interface.

Check Point Gaia Portal has a vulnerability which allows an authenticated user with write permissions on the DNS 
settings to inject commands in a cgi script, leading to remote code execution on the operating system. The 
vulnerability lies in the parameter hostname in the web request /cgi-bin/hosts_dns.tcl, which is susceptible to command 
injection. This can be exploited by any user with a valid session, as long as the user has write permissions on the DNS 
settings. The injected commands are executed by the user 'Admin'.

 III. Proof of Concept

 IV. Impact
Successful exploitation allows a remote authenticated attacker to execute commands on the operating system.

 V. References
Security advisories:

Sent through the Full Disclosure mailing list
Web Archives & RSS:

原文始发于seclists:CVE-2023-28130 – Hostname injection leads to Remote Code Execution RCE (Authenticated)

版权声明:admin 发表于 2023年8月2日 下午8:02。
转载请注明:CVE-2023-28130 – Hostname injection leads to Remote Code Execution RCE (Authenticated) | CTF导航