Cisco CloudCenter Suite is a modular, self-managed, Kubernetes-based solution that provides all the benefits of microservice applications without the need for actual management.
Cisco CloudCenter Suite has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.
", "Product": "Cisco CloudCenter Suite", "Homepage": "https://www.cisco.com/c/en/us/support/cloud-systems-management/cloudcenter-suite/series.html", "DisclosureDate": "2021-12-23", "Author": "fmbd", "FofaQuery": "title=\"CloudCenter Suite\"", "GobyQuery": "title=\"CloudCenter Suite\"", "Level": "3", "Impact": "Cisco CloudCenter Suite has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.
", "Recommendation": "The supplier has released a solution, please upgrade to the new version:https://github.com/apache/logging-log4j2/tags/
1. Deploy a web application firewall to monitor database operations.
2.If not necessary, prohibit public network access to the system.
", "Translation": { "CN": { "Name": "Cisco CloudCenter Suite log4j2 命令执行漏洞(CVE-2021-44228)", "Product": "Cisco CloudCenter Suite", "VulType": [ "命令执行" ], "Tags": [ "命令执行" ], "Description": "Cisco CloudCenter Suite 是一个模块化的、自管理的、基于Kubernetes的解决方案,它提供了微服务应用程序的所有好处,而无需实际管理。
Cisco CloudCenter Suite 存在 log4j2 命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。
", "Impact": "Cisco CloudCenter Suite 存在 log4j2 命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。
⼚商已发布了漏洞方案,请及时关注: https://github.com/apache/logging-log4j2/tags
1、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。
2、如⾮必要,禁⽌公⽹访问该系统。
" } }, "References": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228", "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" ], "Is0day": false, "HasExp": false, "ExpParams": [], "ExpTips": { "Type": "", "Content": "" }, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "Tags": [ "rce" ], "VulType": [ "rce" ], "CVEIDs": [ "CVE-2021-44228" ], "CNNVD": [ "CNNVD-202112-799" ], "CNVD": [ "CNVD-2021-95914" ], "CVSSScore": "10.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null } }