COSCO Kirin iAudit Operation and Maintenance Auditing System Remote Code Execution (RCE) Scanner

COSCO Kirin iAudit Operation and Maintenance Auditing System is utilized by organizations to ensure secure and compliant operation and maintenance processes. It supports features such as unified authentication, authorization, auditing, and monitoring. Enterprises leverage this platform to streamline and protect their IT infrastructure's operational management. The system is usually deployed within an organization's internal network and is managed by IT security personnel. Its aim is to provide a centralized point of control and oversight for maintenance activities, thereby enhancing security posture. This product is particularly relevant for organizations with large-scale IT operations requiring rigorous audit and compliance metrics.

The vulnerability identified is a Remote Code Execution (RCE) flaw that affects the system's operational integrity. It is characterized by unauthorized command execution due to improper input validation in a specific interface. Attackers exploiting this vulnerability can inject commands through the get_luser_by_sshport.php interface. This vulnerability poses a significant risk as it could allow malicious actors to manipulate system operations or gain unauthorized access. The severity of the issue is amplified by the system's role in enterprise security and maintenance processes.

Technical details reveal that unfiltered string concatenation in the get_luser_by_sshport.php interface allows unauthorized commands to be executed. This occurs when an attacker manipulates path variables, introducing commands to the system. The weakness lies in the failure to adequately sanitize input parameters, enabling command injection. The attack vector involves crafting a specific HTTP request that exploits this vulnerability. Successful exploitation grants an attacker elevated privileges, potentially compromising the entire bastion system's security.

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive data and system control. Attackers may execute arbitrary code, disrupt operations, or further infiltrate the network. The risk extends to data integrity and confidentiality, potentially impacting business operations and compliance. Organizations utilizing this system face significant security and operational risks if this vulnerability remains unaddressed. Immediate remediation is necessary to mitigate potential exploitation and safeguard the system's integrity.

REFERENCES

• https://www.tosec.com.cn/