CVE-2014-3789
published 2014-05-22CVE-2014-3789: GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
PriorityP274high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
64.19%
99.1th percentile
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cogentdatahub | cogent_datahub | <= 7.3.4 | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
| cogentdatahub | cogent_datahub | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP POST requests to /Silverlight/GetPermissions.asp with a `password` parameter containing parentheses, backslashes, or `load_plugin` strings, which indicate injection attempts against the datahub_command function. ↗
- →Detect WebDAV traffic (OPTIONS, PROPFIND methods) originating from or directed to the Cogent DataHub host, as the exploit uses a WebDAV server to serve the malicious DLL payload. ↗
- →Alert on HTTP 200 responses from /Silverlight/GetPermissions.asp containing the string `PermissionRecord`, which confirms the vulnerable endpoint is reachable and responding. ↗
- →Detect UNC path patterns (double-backslash host references) in the `password` POST parameter to /Silverlight/GetPermissions.asp, indicating an attempt to load a remote DLL via SMB/WebDAV. ↗
- →Monitor for the presence or modification of AJAXSupport.g on the DataHub host filesystem, as exploitation of the related code injection vector depends on this Gamma script file. ↗
- ·The CISA advisory ICSA-14-198-01 clarifies that while the trigger is remote (POST to ASP page), the attacker must first have write access to the target filesystem to place a Gamma script file for execution — pure remote-only detections may miss the prerequisite write-access stage. ↗
- ·After successful exploitation the remote DataHub service is likely to hang and require manual restart, which can serve as a post-exploitation indicator. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Cogent DataHub Code Injection Vulnerability
cisa_ics·2018-09-06
Cogent DataHub Code Injection Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Cogent DataHub Code Injection Vulnerability
Last RevisedSeptember 06, 2018
Alert CodeICSA-14-198-01
## OVERVIEW
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code.
This vulnerability could be exploited remotely. Exploits t
CISA ICS
Cogent DataHub Code Injection Vulnerability
cisa_ics·2018-08-27
Cogent DataHub Code Injection Vulnerability
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Cogent DataHub Code Injection Vulnerability
Last RevisedAugust 27, 2018
Alert CodeICSA-15-246-01
## OVERVIEW
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. An anonymous security researcher reported this vulnerability to HP’s Zero Day Initiative (ZDI). A patch to mitigate this issue was released on September 2, 2015.
This vulnerability could be exploited remotely.
## AFFECTED PRODUCTS
The following Cogent DataHub versions are affected:
- Cogent DataHub, Version 7.3.8 and ear
GHSA
GHSA-h555-xxq9-223x: GetPermissions
ghsa_unreviewed·2022-05-17
CVE-2014-3789 [HIGH] CWE-94 GHSA-h555-xxq9-223x: GetPermissions
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
No detection rules found.
Exploit-DB
Cogent DataHub - Command Injection (Metasploit)
exploitdb·2014-06-25
CVE-2014-3789 Cogent DataHub - Command Injection (Metasploit)
Cogent DataHub - Command Injection (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Cogent DataHub Command Injection',
'Description' => %q{
This module exploits an injection vulnerability in Cogent DataHub prior
to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which
makes insecure use of the datahub_command function with user controlled
data, allowing execution of arbitrary datahub commands and scripts. This
module has been tested successfully with Cogent DataHub 7.3.4 on
Windows 7 SP1.
},
'Author' => [
'John Leitch', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'Platform' => 'win',
'References' =>
[
['ZDI', '
Metasploit
Cogent DataHub Command Injection
metasploit
Cogent DataHub Command Injection
Cogent DataHub Command Injection
This module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1. Please also note that after exploitation, the remote service will most likely hang and restart manually.
No writeups or analysis indexed.
http://cogentdatahub.com/ReleaseNotes.htmlhttp://www.securityfocus.com/bid/67486http://www.zerodayinitiative.com/advisories/ZDI-14-136/https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01http://cogentdatahub.com/ReleaseNotes.htmlhttp://www.securityfocus.com/bid/67486http://www.zerodayinitiative.com/advisories/ZDI-14-136/https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01
2014-05-22
Published