CVE-2022-29464

CVSS 9.8 CRITICAL · EPSS 100.0% · ● KEV · CWE-22

In short

A flaw in WSO2 products lets attackers upload files without restriction into sensitive directories, making it possible to run malicious code on the server. The attack abuses a file-upload endpoint, using path traversal to bypass the security checks.

Technical detail

The vulnerability lies in the /fileupload endpoint, where the Content-Disposition header is insufficiently validated, allowing directory traversal (CWE-22). An unauthenticated attacker can send requests containing traversal sequences (e.g. ../../../../repository/deployment/server/webapps) to write files into the web directory, achieving remote code execution. The affected versions span multiple WSO2 products, including API Manager, Identity Server, Enterprise Integrator and the Open Banking components.

Summary generated and translated by AI from the official description.
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products
n/a · n/a

Public PoCs found: 30
github: github.com/hakivvi/CVE-2022-29464 (377)
github: github.com/0xdsm/WSOB (28)
github: github.com/SystemVll/CVE-2022-29464 (11)
github: github.com/Ap0dexMe0/CVE-2022-29464 (9)
github: github.com/gbrsh/CVE-2022-29464 (7)
github: github.com/hev0x/CVE-2022-29464 (5)
github: github.com/Lidong-io/cve-2022-29464 (5)
github: github.com/Chocapikk/CVE-2022-29464 (5)
github: github.com/jimidk/Better-CVE-2022-29464 (5)
github: github.com/r4x0r1337/-CVE-2022-29464 (4)
github: github.com/hupe1980/CVE-2022-29464 (3)
github: github.com/gpiechnik2/nmap-CVE-2022-29464 (3)
github: github.com/mr-r3bot/WSO2-CVE-2022-29464 (2)
github: github.com/superzerosec/CVE-2022-29464 (2)
github: github.com/tufanturhan/wso2-rce-cve-2022-29464 (2)
github: github.com/hxlxmj/Mass-exploit-CVE-2022-29464 (1)
github: github.com/Pasch0/WSO2RCE (1)
github: github.com/Pushkarup/CVE-2022-29464 (1)
github: github.com/amit-pathak009/CVE-2022-29464-mass (1)
github: github.com/axin2019/CVE-2022-29464 (1)
github: github.com/devengpk/CVE-2022-29464 (1)
github: github.com/LinJacck/CVE-2022-29464 (1)
github: github.com/0xAgun/CVE-2022-29464 (1)
github: github.com/c1ph3rbyt3/CVE-2022-29464 (0)
github: github.com/h3x0v3rl0rd/CVE-2022-29464 (0)
github: github.com/lowkey0808/cve-2022-29464 (0)
github: github.com/amit-pathak009/CVE-2022-29464 (0)
github: github.com/SynixCyberCrimeMy/CVE-2022-29464 (0)
github: github.com/cc3305/CVE-2022-29464 (0)
cve_reference: packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorised to test. Test only with authorisation.

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →