Goby/json/Cisco-CloudCenter-Suite-log...

{
"Name": "Cisco CloudCenter Suite log4j2 Remote command execution vulnerability (CVE-2021-44228)",
"Description": "<p>Cisco CloudCenter Suite is a modular, self-managed, Kubernetes-based solution that provides all the benefits of microservice applications without the need for actual management.</p><p>Cisco CloudCenter Suite has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Product": "Cisco CloudCenter Suite",
"Homepage": "https://www.cisco.com/c/en/us/support/cloud-systems-management/cloudcenter-suite/series.html",
"DisclosureDate": "2021-12-23",
"Author": "fmbd",
"FofaQuery": "title=\"CloudCenter Suite\"",
"GobyQuery": "title=\"CloudCenter Suite\"",
"Level": "3",
"Impact": "<p>Cisco CloudCenter Suite has a log4j2 remote command execution vulnerability. Attackers can use this vulnerability to execute commands arbitrarily on the server side, write to the backdoor, obtain server permissions, and then control the entire web server.</p>",
"Recommendation": "<p>The supplier has released a solution, please upgrade to the new version: <a href=\"https://github.com/apache/logging-log4j2/tags/\" target=\"_blank\">https://github.com/apache/logging-log4j2/tags/</a></p><p>1. Deploy a web application firewall to monitor database operations.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Cisco CloudCenter Suite log4j2 命令执行漏洞CVE-2021-44228",
"Product": "Cisco CloudCenter Suite",
"VulType": [
"命令执行"
],
"Tags": [
"命令执行"
],
"Description": "<p>Cisco CloudCenter Suite 是一个模块化的、自管理的、基于Kubernetes的解决方案它提供了微服务应用程序的所有好处而无需实际管理。<br></p><p>Cisco CloudCenter Suite&nbsp;存在 log4j2 命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。</p>",
"Impact": "<p>Cisco CloudCenter Suite&nbsp;存在 log4j2 命令执行漏洞攻击者可通过该漏洞在服务器端任意执行命令写入后门获取服务器权限进而控制整个web服务器。<br></p>",
"Recommendation": "<p>⼚商已发布了漏洞方案,请及时关注: <a href=\"https://github.com/apache/logging-log4j2/tags\">https://github.com/apache/logging-log4j2/tags</a></p><p></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
}
},
"References": [
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228",
"https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
],
"Is0day": false,
"HasExp": false,
"ExpParams": [],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-44228"
],
"CNNVD": [
"CNNVD-202112-799"
],
"CNVD": [
"CNVD-2021-95914"
],
"CVSSScore": "10.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}