CVE-2021-26472 - Unauthenticated remote command execution with SYSTEM privileges in Vembu products
CVE | CVE-2021-26472 |
Case | DIVD-2020-00011 |
Discovered by | |
Credits |
|
Products |
VembuBDR:
|
Versions |
VembuBDR:
|
Page author | Frank Breedijk |
CVSS | Base score: 10 |
References | |
Last modified | 20 Jun 2022 09:35 |
Description
In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.
How to reproduce
Step 1: Install a vulnerable product on Windows
Step 2: execute the following http request
$ curl 'http://local/consumerweb/secure/download.php?Action=ResellerTemplate&accountID=%26whoami'
Step 3: Result
Impact
This vulnerability allows an attacker to execute arbitrary windows commands with full system privileges. A.k.a. a full system compromise.
JSON version