SSD Advisory – EMC IsilonSD Edge Management Server Command Injection

Credit to Author: SSD / Maor Schwartz | Date: Sun, 02 Jul 2017 08:09:16 +0000

Vulnerability Summary
The following advisory describes a Remote Command Injection vulnerability found in EMC IsilonSD Edge Management Server version 1.0.1.0005.

IsilonSD Edge Management Server enables you to deploy an industry-leading scale-out NAS operating system using industry-standard hardware. Key benefits of IsilonSD Edge: a simple yet powerful and efficient scale-out storage solution for remote and branch offices; easy extension of your enterprise data lake from the core data center to edge locations; and consolidation and distribution of unstructured data.

Credit
An independent security researcher, Nahuel D. Sánchez from vvvSecurity, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
We informed EMC of the vulnerability on the 24th of April 2017; the last email we received from them was on the 30th of May 2017. We have no further updates from EMC regarding the availability of a patch or a workaround for the vulnerability.

Vulnerability Details
A remote authenticated attacker can misuse the IsilonSD management tools (located at https://:5480) to execute arbitrary OS commands. The vulnerability lies in the lack of backend validation when the network configuration is performed. There is some front-end validation, but it can be bypassed.

If an attacker accesses the application and changes the hostname to something like “localhost; uname -a”, the “uname -a” command will be executed with root privileges.
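
The missing backend check described above, sketched as an added example (not code from the advisory or from EMC): the server validates the hostname against an RFC 1123 allowlist and passes it as a single argument without a shell. The function names and the use of hostnamectl are assumptions for illustration; the appliance's real backend call is not shown on this page.

```python
import re
import subprocess

# One RFC 1123 label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(name):
    """Server-side allowlist check; must not rely on any front-end validation."""
    if not isinstance(name, str) or not 1 <= len(name) <= 253:
        return False
    # fullmatch() rejects spaces, ';', '|', '$', backticks, newlines, empty labels.
    return all(LABEL_RE.fullmatch(label) for label in name.split("."))


def build_hostname_command(name):
    """Return an argv list for the hostname change, or raise ValueError."""
    if not is_valid_hostname(name):
        raise ValueError("rejected hostname: %r" % (name,))
    # Assumed command for illustration; the appliance's real call is unknown.
    return ["hostnamectl", "set-hostname", name]


def apply_hostname(name, runner=subprocess.run):
    """Run the command without a shell, so the value is one literal argument."""
    return runner(build_hostname_command(name), shell=False, check=True)


def check_samples():
    """Classify constructed sample inputs, including the advisory's example."""
    samples = ["localhost", "isilon-edge01.example.com",
               "localhost; uname -a", "edge 01", "edge01\n",
               "-leading.example", "a..b"]
    return {s: is_valid_hostname(s) for s in samples}


if __name__ == "__main__":
    for value, ok in check_samples().items():
        print("%-28r %s" % (value, "accept" if ok else "reject"))
```

Either control alone would stop the hostname value from being interpreted as a command; applying both means a gap in the allowlist still does not reach a shell.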

Proof of Concept
A reverse shell with root privileges will be triggered by this PoC.

Execute the PoC as follows:

python os_command_injection.py https://:5480 administrator

os_command_injection.py
