CVE-2020-29390 Scanner - Command Injection vulnerability in Zeroshell
Short Info
Level
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 18 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Zeroshell is a Linux-based distribution for servers and embedded devices, designed for network management tasks. It is primarily used by IT administrators and network specialists to manage and secure network connectivity and access. Users deploy Zeroshell to handle services such as routing, bridging, firewalling, and VPN configuration. The software is known for its flexibility and ease of deployment in various network environments, including educational institutions, small to medium-sized enterprises, and remote offices. Its web-based interface allows easy and efficient setup, making it accessible even to individuals with limited technical expertise.
The Command Injection vulnerability in Zeroshell allows remote attackers to inject and execute arbitrary commands on the host operating system. The vulnerability is in the StartSessionSubmit parameter of the CGI script /cgi-bin/kerbynet. An unauthenticated attacker can exploit it by sending specially crafted HTTP requests. The issue arises from insufficient validation of input parameters: shell metacharacters are not adequately sanitized, so crafted input can lead to arbitrary command execution.
The vulnerability is triggered via the StartSessionSubmit parameter in HTTP requests. Attackers can use shell metacharacters concatenated with the %0a character (a URL-encoded line feed) to manipulate the processed input. Because server-side input validation is insufficient, attackers can execute commands remotely. The attack vector is input that includes operating system commands, potentially leading to escalated privileges. Exploitation involves injecting a command payload into the parameter's input string, which bypasses regular authentication safeguards.
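A defender can look for this pattern in web server access logs. The following is an added example, not part of the scanner or of Zeroshell: it flags requests to /cgi-bin/kerbynet whose StartSessionSubmit value decodes to a line break or shell metacharacter. It assumes combined-format access logs with the parameter visible in the query string (request bodies are not covered); the log lines, addresses and the EXAMPLE placeholder are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters a session-start form field has no reason to carry:
# line breaks (the decoded %0a) and common shell metacharacters.
SUSPICIOUS = re.compile(r"[\r\n;|&`$()<>'\"\\]")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return the decoded StartSessionSubmit value if it looks injected, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.rstrip("/").endswith("/cgi-bin/kerbynet"):
        return None
    # parse_qsl percent-decodes each value, so %0a becomes "\n" here.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "StartSessionSubmit" and SUSPICIOUS.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged line."""
    hits = []
    for line in lines:
        value = flag_request(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder payload text).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /cgi-bin/kerbynet?StartSessionSubmit=Login HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /cgi-bin/kerbynet?StartSessionSubmit=Login%0aEXAMPLE HTTP/1.1" 200 731',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] '
    '"GET /cgi-bin/kerbynet?StartSessionSubmit=x%3BEXAMPLE HTTP/1.1" 200 40',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.html?StartSessionSubmit=%0aEXAMPLE HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent StartSessionSubmit={value!r}")
```

A hit indicates an attempt, not a successful compromise; correlate flagged source addresses with the response codes and with process or shell activity on the appliance.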
When exploited, this vulnerability can have a severe impact on the compromised system. Attackers may execute arbitrary commands with potentially elevated privileges, leading to unauthorized data access and loss of system integrity. It can enable further exploitation, such as downloading malware, continuing network attacks, or disrupting network services. As a result, organizations could face operational disruptions, loss of sensitive data, and reputational damage. Additionally, this exposure increases the risk from attack vectors used in broader campaigns targeting critical network infrastructure.