CVE-2022-27228 Scanner
CVE-2022-27228 Scanner - Remote Code Execution (RCE) vulnerability in Bitrix Site Manager
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 5 hours
Scan only one: Domain, Subdomain, IPv4
Bitrix Site Manager is a widely used content management system (CMS) developed by Bitrix Inc., which powers numerous websites worldwide. It is particularly popular among businesses for internal and external corporate communications. The platform allows users to create and manage web content, providing robust tools for collaboration, workflow, and documentation management. It features a range of modules such as e-commerce, marketing, and analytics, making it suitable for various online business needs. Bitrix Site Manager supports multiple sites from a single installation, ensuring efficiency in web management tasks. Its architecture is built to easily integrate with other software applications, making it flexible and user-friendly.
Remote Code Execution (RCE) is a critical vulnerability that allows an attacker to execute arbitrary code on a target system. It usually involves leveraging other weaknesses and gaining unauthorized access to execute commands. In the context of Bitrix Site Manager, it allows an unauthenticated attacker to execute arbitrary code in the vote module. This typically occurs due to improper validation or handling of user input, or unsanitized code. RCE vulnerabilities can be exploited over a network, without physical access to the system. The severity of an RCE often depends on the extent to which the attacker's code can interfere with the affected system.
The technical details of the Remote Code Execution (RCE) vulnerability in Bitrix Site Manager revolve around the vote module. Before version 21.0.100, the module inadvertently allows an external entity to trigger code execution. An attacker can exploit this through a crafted HTTP POST request containing malicious payloads. The vulnerability lies within the 'attachId' parameters and specific form-data fields that are improperly validated, allowing code injection. Additionally, session management issues with 'bitrix_sessid' potentially contribute to the exploitability. Effective remediation depends on eliminating the unsafe parameter handling and session management flaws in the application code.
Exploitation of the Remote Code Execution (RCE) vulnerability in Bitrix Site Manager could have severe repercussions. Attackers can achieve full control of the affected server, leading to unauthorized access to sensitive data or personal information. Furthermore, attackers might install malware or backdoors, allowing persistent access to the compromised systems. Once the system is under an attacker's control, it might be used to launch further attacks across the network. The exploit could also lead to data loss or corruption, impacting the integrity and availability of services. Lastly, such attacks could damage the organization's reputation and erode customer trust if the exploitation becomes public.