
7 changes to exploits/shellcodes/ghdb

Karaf v4.4.3 Console - RCE
Nokia BMC Log Scanner - Remote Code Execution
vm2 - sandbox escape
UPS Network Management Card 4 - Path Traversal
Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)
LaborOfficeFree 19.10 - MySQL Root Password Calculator
# Exploit Title: Nokia BMC Log Scanner Remote Code Execution
# Google Dork: N/A
# Date: November 29, 2023
# Exploit Author: Carlos Andres Gonzalez, Matthew Gregory
# Vendor Homepage: https://www.nokia.com/
# Software Link: N/A
# Version: 13
# Tested on: Linux
# CVE : CVE-2022-45899

Description
The BMC Log Scanner web application, available on several hosts, is vulnerable to command injection
attacks, allowing for unauthenticated remote code execution. This vulnerability is especially significant
because this service runs as root.

Steps to Reproduce:
In the Search Pattern field, type:

;";command

Replacing the word "command" above with any Linux command.
Root access can be confirmed with the id command or any other command that would require
root access, such as displaying the contents of the /etc/shadow file.

This issue was fixed in version 13.1.
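
The mitigation for this class of bug, as an added example that is not part of the advisory and not Nokia's code: the search pattern is handed to the search tool as a single argv element with no shell in between, so the string from the steps above is only ever matched as text. It assumes the log search is delegated to a grep-like tool (the advisory does not say how the backend works); `build_argv`, `search_log` and `MAX_PATTERN_LEN` are hypothetical names.

```python
import subprocess

MAX_PATTERN_LEN = 256  # assumed limit for this example


def build_argv(pattern: str, log_path: str) -> list:
    """Build a grep invocation in which the user's pattern is one argv element."""
    if not pattern or len(pattern) > MAX_PATTERN_LEN:
        raise ValueError("pattern empty or too long")
    if "\x00" in pattern or "\n" in pattern:
        # NUL cannot be passed in argv; grep reads a newline as a pattern separator.
        raise ValueError("pattern contains NUL or newline")
    # -F: fixed string, not a regex.
    # -e: the next argument is the pattern, even if it starts with '-'.
    # --: everything after it is a file name, never an option.
    return ["grep", "-F", "-e", pattern, "--", log_path]


def search_log(pattern: str, log_path: str) -> list:
    """Return matching lines. No shell runs, so ; " | $ ` are ordinary characters."""
    proc = subprocess.run(build_argv(pattern, log_path), shell=False,
                          capture_output=True, text=True, timeout=10)
    if proc.returncode not in (0, 1):  # grep: 0 = match, 1 = no match, 2 = error
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


if __name__ == "__main__":
    import tempfile
    # Constructed sample log; the second line contains the advisory's string literally.
    sample = 'sensor fan1 ok\nuser searched for ;";command\nsensor fan2 ok\n'
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as fh:
        fh.write(sample)
    print(search_log(';";command', fh.name))  # matched as text only
    print(search_log("fan", fh.name))
```

Running the service under an unprivileged account instead of root limits the impact of any injection that does get through.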