S4E

CVE-2018-18325 Scanner

CVE-2018-18325 Scanner - Remote Code Execution (RCE) vulnerability in DotNetNuke

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 3 hours
Scan only one: Domain, Subdomain, IPv4


DotNetNuke, often abbreviated as DNN, is a web content management system and application framework that is widely used for creating and maintaining websites. It is employed by various organizations for its flexibility in managing content and ease of use for non-technical users. DNN provides extended features through a variety of modules and plugins, allowing users to expand the functionality of their websites. Businesses, educational institutions, and government agencies utilize DNN for its robust capabilities in managing digital content and online presence. The platform also offers a rich ecosystem that supports custom development of themes and modules, making it a popular choice for web developers. Given its widespread use, vulnerabilities in DNN can significantly impact a large number of websites and their security.

The Remote Code Execution (RCE) vulnerability in DotNetNuke arises from the use of weak encryption algorithms to protect input parameters. This vulnerability allows attackers to craft and manipulate cookies that can be deserialized, leading to unauthorized execution of code on the server. DNN versions 9.2 through 9.2.2 are particularly vulnerable due to an incomplete fix for a prior vulnerability. The exploitation of this flaw can enable attackers to perform arbitrary actions on the server, compromising the integrity and confidentiality of the web applications running on DNN. This vulnerability is classified as high severity due to the potential for severe damage it can cause if exploited successfully. RCE vulnerabilities like this are often targeted by attackers due to their potential for wide-ranging impact.

This RCE vulnerability in DotNetNuke is exploited through the weak encryption used for DNNPersonalization cookies. Attackers can create malicious cookies that, when processed by the server, execute arbitrary code through deserialization. The protection applied to input parameters is too weak to prevent malicious tampering, which lets attackers target endpoints where cookies are deserialized without proper validation. Exploitation involves crafting cookies that cause the server to execute specific payloads, potentially compromising sensitive files or enabling further attacks. The vulnerable parameter thus acts as a vehicle for executing commands remotely on the affected server, violating its operational integrity.
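For asset owners reviewing exposure, the following added example (not part of the original page or of the scanner it describes) checks a DNN version string against the 9.2 through 9.2.2 range and lists the requests in an IIS W3C log that carried a DNNPersonalization cookie. It assumes cs(Cookie) logging is enabled; the log lines, cookie values and function names are constructed for illustration.

```python
from collections import defaultdict

COOKIE_NAME = "DNNPersonalization"                 # cookie named on this page
AFFECTED_MIN, AFFECTED_MAX = (9, 2, 0), (9, 2, 2)  # version range from this page

# Constructed sample, assuming IIS W3C logging with the cs(Cookie) field enabled.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2018-11-02 10:01:07 198.51.100.7 GET /Home 200 .ASPXANONYMOUS=abc;+language=en-US
2018-11-02 10:01:09 203.0.113.20 GET /Contact 200 language=en-US;+DNNPersonalization=CONSTRUCTED-VALUE-1
2018-11-02 10:01:12 203.0.113.20 POST /Contact 500 DNNPersonalization=CONSTRUCTED-VALUE-22
2018-11-02 10:02:00 198.51.100.7 GET /About 200 -
"""

def is_affected(version):
    """True if a DNN version string (e.g. '9.2.1' or '09.02.01') is in range."""
    parts = tuple(int(p) for p in version.split("."))[:3]
    parts += (0,) * (3 - len(parts))               # '9.2' is treated as 9.2.0
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):         # skip malformed lines
                yield dict(zip(fields, values))

def cookie_value(header, name):
    """Return one cookie's value from a logged Cookie header, or None."""
    for pair in header.split(";"):
        key, _, value = pair.lstrip("+ ").partition("=")  # IIS logs spaces as '+'
        if key.lower() == name.lower():
            return value
    return None

def triage(text):
    """Per client IP: (URI, status, cookie length) for requests with the cookie."""
    hits = defaultdict(list)
    for req in parse_w3c(text):
        value = cookie_value(req.get("cs(Cookie)", "-"), COOKIE_NAME)
        if value is not None:
            hits[req["c-ip"]].append(
                (req["cs-uri-stem"], int(req["sc-status"]), len(value)))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in triage(SAMPLE_LOG).items():
        print(ip, reqs)
```

The output is a list of requests to review on hosts where `is_affected` is true, not a verdict on any single request.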

Exploitation of this vulnerability can have significant consequences, including unauthorized access to sensitive data, disruption of services, and deployment of further malicious code. An attacker could potentially take control of the affected server, leading to data breaches or enabling the attacker to use the server for further malicious activities across a network. The ability to execute arbitrary code can also allow attackers to manipulate or steal information, introduce malware, or damage the affected system and its reputation. Such vulnerabilities might also be leveraged in broader campaigns aimed at larger infrastructures using DNN, posing a severe risk to the security posture of organizations relying on this technology.
