This Wednesday, February 5, several vulnerabilities were detected in the EyesOfNetwork solution.
|CVE-2020-8654|Discovery module allows running arbitrary OS commands. We were able to run the ‘id’ command with the following payload in the target field: ;id #’.|
|CVE-2020-8655|LPE via nmap NSE script. As the apache user is allowed to run nmap as root, we were able to execute arbitrary commands by providing a specially crafted NSE script.|
|CVE-2020-8656|SQLi in the API, in the getApiKey function, on the ‘username’ field. PoC: onapi/getApiKey?username=’ union select sleep(3),0,0,0,0,0,0,0 or ‘|
|CVE-2020-8657|Calculable/guessable API key|eonapi-2.0-2+|
Chained together, these vulnerabilities allow an attacker to obtain a shell with root rights on an instance of EON 5.2 and 5.3 without prior information or login.
The patch is applied by executing the following command:
yum update eonapi lilac
**⚠ Attention ⚠**: Updating the eonapi package to version >= 2.0-2 regenerates the APIKEY of the admin user. Retrieve the new key and enter it in the third-party tools that consume the API (e.g. EyesOfIndicator, …).
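To review web-server access logs for requests that targeted the getApiKey ‘username’ field (CVE-2020-8656), the following is an added example, not code from the EyesOfNetwork project. The `/eonapi/` path prefix, the log format, the allowed username alphabet and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache common log format (not from a real system).
# The "/eonapi/" prefix is an assumption; only the getApiKey name comes from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Feb/2020:10:01:12 +0100] "GET /eonapi/getApiKey?username=admin HTTP/1.1" 200 88
203.0.113.9 - - [05/Feb/2020:10:02:40 +0100] "GET /eonapi/getApiKey?username=%27%20union%20select%20sleep(3),0,0,0,0,0,0,0%20or%20%27 HTTP/1.1" 200 60
203.0.113.9 - - [05/Feb/2020:10:02:55 +0100] "GET /eonapi/getApiKey?username=o%27brien HTTP/1.1" 401 60
198.51.100.7 - - [05/Feb/2020:10:03:01 +0100] "GET /index.php?username=admin HTTP/1.1" 200 40
"""

# Assumed alphabet for legitimate usernames; adjust to the local account policy.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")
# Tokens typical of SQL injection probes, including those in the advisory's PoC.
SQL_TOKENS = re.compile(r"\b(union|select|sleep|benchmark)\b|--|#|/\*", re.I)
# client IP, request target and status code of a GET/POST request line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')


def suspicious_getapikey_requests(log_text):
    """Return (client_ip, decoded_username, reason) for getApiKey requests to triage."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/getApiKey"):
            continue  # other endpoints are out of scope for this check
        # parse_qs URL-decodes values, so %27 is compared as a literal quote.
        for username in parse_qs(url.query, keep_blank_values=True).get("username", []):
            if SAFE_USERNAME.fullmatch(username):
                continue
            reason = "sql-tokens" if SQL_TOKENS.search(username) else "unexpected-characters"
            findings.append((ip, username, reason))
    return findings


if __name__ == "__main__":
    for ip, username, reason in suspicious_getapikey_requests(SAMPLE_LOG):
        print(f"{ip}\t{reason}\t{username!r}")
```

Access logs record only the query string, so a username submitted in a POST body is not visible to this check.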