Vulnerability-Lookup

CNVD-2022-08154

Vulnerability from cnvd - Published: 2022-02-02

Title

QuickBox代码注入漏洞

Description

QuickBox是QuickBox团队的一套媒体服务器应用程序和服务管理系统。该系统支持使用仪表板实现应用程序的安装和管理，使用户能够与媒体服务器进行交互。 QuickBox Pro v2.5.8版本及以下版本中存在代码注入漏洞，该漏洞源于config.php文件有一个变量，该变量接受一个GET参数值并将其解析为shell_exec()且未能正确清理任何shell参数。攻击者可利用该漏洞远程执行代码。

Severity

高

Patch Name

QuickBox代码注入漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/QuickBox/QB/issues/202

Reference

https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server

Impacted products

Name
['QuickBox QuickBox Pro <=v2.5.8', 'QuickBox QuickBox Community <=2.5.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-44981",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44981"
    }
  },
  "description": "QuickBox\u662fQuickBox\u56e2\u961f\u7684\u4e00\u5957\u5a92\u4f53\u670d\u52a1\u5668\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u4f7f\u7528\u4eea\u8868\u677f\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u88c5\u548c\u7ba1\u7406\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u5a92\u4f53\u670d\u52a1\u5668\u8fdb\u884c\u4ea4\u4e92\u3002\n\nQuickBox Pro v2.5.8\u7248\u672c\u53ca\u4ee5\u4e0b\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8econfig.php\u6587\u4ef6\u6709\u4e00\u4e2a\u53d8\u91cf\uff0c\u8be5\u53d8\u91cf\u63a5\u53d7\u4e00\u4e2aGET\u53c2\u6570\u503c\u5e76\u5c06\u5176\u89e3\u6790\u4e3ashell_exec()\u4e14\u672a\u80fd\u6b63\u786e\u6e05\u7406\u4efb\u4f55shell\u53c2\u6570\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/QuickBox/QB/issues/202",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-08154",
  "openTime": "2022-02-02",
  "patchDescription": "QuickBox\u662fQuickBox\u56e2\u961f\u7684\u4e00\u5957\u5a92\u4f53\u670d\u52a1\u5668\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u652f\u6301\u4f7f\u7528\u4eea\u8868\u677f\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\u7684\u5b89\u88c5\u548c\u7ba1\u7406\uff0c\u4f7f\u7528\u6237\u80fd\u591f\u4e0e\u5a92\u4f53\u670d\u52a1\u5668\u8fdb\u884c\u4ea4\u4e92\u3002\r\n\r\nQuickBox Pro v2.5.8\u7248\u672c\u53ca\u4ee5\u4e0b\u7248\u672c\u4e2d\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8econfig.php\u6587\u4ef6\u6709\u4e00\u4e2a\u53d8\u91cf\uff0c\u8be5\u53d8\u91cf\u63a5\u53d7\u4e00\u4e2aGET\u53c2\u6570\u503c\u5e76\u5c06\u5176\u89e3\u6790\u4e3ashell_exec()\u4e14\u672a\u80fd\u6b63\u786e\u6e05\u7406\u4efb\u4f55shell\u53c2\u6570\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "QuickBox\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "QuickBox QuickBox Pro \u003c=v2.5.8",
      "QuickBox QuickBox Community \u003c=2.5.8"
    ]
  },
  "referenceLink": "https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server",
  "serverity": "\u9ad8",
  "submitTime": "2022-01-26",
  "title": "QuickBox\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2021-44981 (GCVE-0-2021-44981)

Vulnerability from cvelistv5 – Published: 2022-01-24 12:26 – Updated: 2024-08-04 04:32

Summary

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(''); function, which allows for privilege escalation by means of RCE.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

2 references

URL	Tags
https://websec.nl/blog/61b2b37a43a1155c848f3b08/w…	x_refsource_MISC
https://github.com/QuickBox/QB/issues/202	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/QuickBox/QB/issues/202"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(\u0027\u0027); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(\u0027\u0027); function, which allows for privilege escalation by means of RCE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-24T12:26:11.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/QuickBox/QB/issues/202"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44981",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(\u0027\u0027); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by default attackers can use the sudo command within this shell_exec(\u0027\u0027); function, which allows for privilege escalation by means of RCE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server",
              "refsource": "MISC",
              "url": "https://websec.nl/blog/61b2b37a43a1155c848f3b08/websec%20finds%20critical%20vulnerabilities%20in%20popular%20media%20server"
            },
            {
              "name": "https://github.com/QuickBox/QB/issues/202",
              "refsource": "MISC",
              "url": "https://github.com/QuickBox/QB/issues/202"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44981",
    "datePublished": "2022-01-24T12:26:11.000Z",
    "dateReserved": "2021-12-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:32:13.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-08154

CVE-2021-44981 (GCVE-0-2021-44981)

Tags

Sightings

Nomenclature