CVE-2024-2621 Scanner
CVE-2024-2621 Scanner - Command Injection vulnerability in Fujian Kelixin Communication Command and Dispatch Platform
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
1 minute
Time Interval
10 days 20 hours
Scan only one
Domain, IPv4
Toolbox
-
Fujian Kelixin Communication Command and Dispatch Platform is a versatile communication platform employed by organizations for structured internal command and dispatch operations. Primarily used in environments requiring robust and efficient communication channels, it facilitates user account management and permissions update through structured APIs. With a focus on delivering high performance and reliability, the platform supports real-time data exchanges crucial for operational tasks. The deployment of this platform is common across sectors needing streamlined dispatch services like emergency management services and large-scale industrial operations. It leverages cutting-edge technology to enhance intra-organizational communication efficiency while maintaining high security standards. The platform's scalability suits diverse organizational sizes and its up-to-date system architecture allows easy adaptability to emerging communication needs.
The Command Injection vulnerability detected in Fujian Kelixin Communication Command and Dispatch Platform allows unauthorized command execution by manipulating user input into scripts or system commands. This type of vulnerability can lead to severe security breaches as attackers could potentially execute arbitrary commands on the host system. Such vulnerabilities typically arise due to improper validation of user inputs within the application's functionalities. By compromising the platform's command execution procedures, malicious entities can undermine system integrity and confidentiality. Exploitation of this vulnerability provides backdoor access enabling attackers to execute system-level commands without legitimate permissions. Mitigating this vulnerability involves implementing rigorous input validation mechanisms to prevent command injection attacks effectively.
Technical details indicate that the vulnerability lies within the file api/client/user/pwd_update.php, where unsanitized inputs are processed. Attackers can inject malicious commands into parameters like usr_number in HTTP requests to exploit this vulnerability. The parameter is part of an endpoint responsible for password update operations, which lacks proper input sanitization. This endpoint, when misused, can trigger time-based command injection attacks, confirming vulnerability exploitation through response delays. Leveraging sleep commands to validate the execution of injected commands exemplifies the delicate nature of the flaw. The combination of certain HTTP status codes with specific response body contents can confirm successful exploitation and potential system access.
When exploited, this Command Injection vulnerability can allow attackers to execute arbitrary commands on the affected server, jeopardizing system integrity and data confidentiality. Attackers may leverage the vulnerability to gain unauthorized access, leading to data breaches and potential denial of service conditions. Exploitation might enable attackers to manipulate dispatch operations, causing operational disruptions. System compromises due to this vulnerability can also lead to sensitive information disclosure or unauthorized data modification. Furthermore, the possibility of establishing persistent control on the server increases the risk of long-term system abuse by attackers. Swift remediation is essential to safeguard against potential exploitation impacts.
REFERENCES
- https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf
- https://vuldb.com/?id.257198
- https://github.com/NaInSec/CVE-LIST
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://nvd.nist.gov/vuln/detail/CVE-2024-2621