Goby/json/Citrix-ShareFile-Storage-RC...


{
"Name": "Citrix ShareFile Storage RCE (CVE-2021-22941)",
"Description": "<p>Citrix Systems Citrix ShareFile is a file sharing system of the American Citrix Systems company.</p><p>Citrix ShareFile Storage has security vulnerabilities. Attackers can overwrite the original files and execute arbitrary commands to control server permissions.</p>",
"Product": "Citrix ShareFile Storage",
"Homepage": "https://www.citrix.com",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"ShareFile Storage Server\"",
"GobyQuery": "body=\"ShareFile Storage Server\"",
"Level": "3",
"Impact": "<p>Citrix ShareFile Storage has security vulnerabilities. Attackers can overwrite the original files and execute arbitrary commands to control server permissions.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://support.citrix.com/article/CTX328123\">https://support.citrix.com/article/CTX328123</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Citrix ShareFile Storage 文件共享系统任意代码执行CVE-2021-22941",
"VulType": ["代码执行"],
"Tags": ["代码执行"],
"Description": "<p>Citrix Systems Citrix ShareFile是美国思杰系统Citrix Systems公司的一套文件共享系统。</p><p>Citrix ShareFile Storage存在安全漏洞。攻击者可覆盖原有文件执行任意命令控制服务器权限。</p>",
"Impact": "<p>Citrix ShareFile Storage存在安全漏洞。攻击者可覆盖原有文件执行任意命令控制服务器权限。</p>",
"Product": "Citrix ShareFile Storage",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://support.citrix.com/article/CTX328123\">https://support.citrix.com/article/CTX328123</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Citrix ShareFile Storage RCE (CVE-2021-22941)",
"VulType": ["rce"],
"Tags": ["rce"],
"Description": "<p>Citrix Systems Citrix ShareFile is a file sharing system of the American Citrix Systems company.</p><p>Citrix ShareFile Storage has security vulnerabilities. Attackers can overwrite the original files and execute arbitrary commands to control server permissions.</p>",
"Impact": "<p>Citrix ShareFile Storage has security vulnerabilities. Attackers can overwrite the original files and execute arbitrary commands to control server permissions.</p>",
"Product": "Citrix ShareFile Storage",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://support.citrix.com/article/CTX328123\">https://support.citrix.com/article/CTX328123</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://codewhitesec.blogspot.com/2021/09/citrix-sharefile-rce-cve-2021-22941.html"
],
"HasExp": true,
"ExpParams": [
{
"name": "dnslog",
"type": "input",
"value": "ping xxx.dnslog.cn"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-22941"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": ["Citrix ShareFile Storage"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202109-1001"
],
"CNVD": [
""
]
}