HCL Digital Experience (DX), a platform for creating and managing web platforms, is affected by multiple vulnerabilities that could lead to remote code execution (RCE) scenarios, the researchers claim. Although the manufacturer mentions that it is not possible to reproduce all the flaws, it does confirm that this is a real security risk.
In late December, HCL Technologies released a security advisory with detailed patches for a server-side request forgery (SSRF) flaw, and inefficient regular expression vulnerability: “Disclosure at the time of update is part of our policies,” the company adds.
Shubham Shah, co-founder and researcher at security firm Assetnote mentions that his team managed to find the SSRF error due to the discovery of an endpoint that allowed the redirection of requests to an arbitrary URL, smuggling this redirection device into the original attack payload. After accessing the source code, Shah said his team found something that seemed extremely naïve, described as a web proxy system implemented by default but limited to a few trusted websites.
One of those trusted endpoints, identified as http://www.redbooks.ibm.com/, ran Lotus Domino to deliver content to users. Experts discovered that it is possible to connect ?Logout&RedirectTo=http://example.com to any Lotus Domino page to cause a URL redirect to the URL specified in the RedirectTo parameter. As a result, threat actors could move to the internal network and request metadata endpoints in the cloud to obtain sensitive credentials.
Attackers could also achieve command execution by loading a malicious zip file that, when extracted, is vulnerable to arbitrary file loading: “If a user can write an ifcfg-<whatever>in /etc/sysconfig/network-scripts script or adjust an existing one, then remote code execution is possible,” adds the expert.
As a mitigation method, Shah proposes that users modify all proxy-config.xml files in their Websphere Portal installation so that no sources are whitelisted and multiple folders deleted, which should minimize the chances of exploitation.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
Go to Source of this post
Author Of this post: Daniel Tai