CVE-2018-17936
published 2018-11-27CVE-2018-17936: NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which…
PriorityP275critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
15.31%
96.4th percentile
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nuuo | nuuo_cms | <= 3.3 | — |
| nuuo | nuuo_cms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for use of the COMMITCONFIG verb in CMS traffic, which is the attack primitive for this file upload vulnerability. ↗
- →Detect directory traversal sequences (..\..\) in the FileName parameter of COMMITCONFIG requests to NUUO CMS Server. ↗
- →Alert on unexpected modification or overwrite of LicenseTool.dll in the NUUO CMS Server installation directory, as this is the target file used by the Metasploit exploit module. ↗
- →Monitor for arbitrary file uploads that modify or overwrite configuration files on the NUUO CMS server, which could indicate exploitation for remote code execution. ↗
- ·The exploit module targets CMS versions up to and including v2.4 for the COMMITCONFIG traversal vector, while the NVD advisory states all versions 3.3 and prior are affected by the arbitrary file upload vulnerability — ensure detection coverage spans the full affected version range. ↗
- ·The exploit module will attempt default credentials if no username/password or session number is provided, meaning unauthenticated-style exploitation via credential guessing is possible and should be accounted for in detection logic. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
NUUO CMS (Update A)
cisa_ics·2018-10-11·CVSS 9.8
[CRITICAL] NUUO CMS (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
NUUO CMS (Update A)
Last RevisedNovember 20, 2018
Alert CodeICSA-18-284-02
## 1. EXECUTIVE SUMMARY
-
CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: NUUO
- Equipment: CMS
--------- Begin Update A Part 1 of 3 --------
- Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials, Path Traversal, Unrestricted Upload of File with Dangerous Type, SQL Injection
--------- End Update A Part 1 of 3 ----------
## 2. UPDATE INFORMATION
This up
GHSA
GHSA-h329-mq35-h7hv: NUUO CMS All versions 3
ghsa_unreviewed·2022-05-13
CVE-2018-17936 [CRITICAL] CWE-434 GHSA-h329-mq35-h7hv: NUUO CMS All versions 3
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
No detection rules found.
No writeups or analysis indexed.
2018-11-27
Published