Presentation

Apach user can run arbitary commands as root. Here is the default configuration that is presented for the Apache user in EON 5.3 :

apache ALL=NOPASSWD:/bin/systemctl * snmptt,/bin/systemctl * snmptrapd,/bin/systemctl * snmpd,/bin/systemctl * nagios,/bin/systemctl * gedd,/usr/bin/nmap

A user can use the nmap command to run arbitary commands as ‘root’ by using a NSE script.

Exploit

EONRCEv1

Impacted Version(s)

Every Eon versions from 5.1 to 5.3

Fixed Version(s)

EON 5.3-1

Fix

Download latest EON fixed version.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8654

http://packetstormsecurity.com/files/156266/EyesOfNetwork-5.3-Remote-Code-Execution.html

http://packetstormsecurity.com/files/156605/EyesOfNetwork-AutoDiscovery-Target-Command-Execution.html

https://github.com/EyesOfNetworkCommunity/eonweb/issues/50