Thursday, January 2, 2020

[Comtech] Authenticated RCE on Comtech FX Series (CVE-2020-5179) by @CesarSIlence

The web application used for the management and administration of Compression Bandwidth Optimization Platform has a critical vulnerability that allow to an attacker to do a Remote Code Execution with root access. That is, the application allows to gain full control over the server.


 Comtech logo.


Comtech Stampede FX-1010





Vendor WebSite:
http://www.comtechtel.com/

You can search for vulnerable sites on google with the following dork “Comtech FX Series” or maybe in shodan if you want.

Let’s start!!

We need to use the default comtech credentials to access on the administration panel (comtech:comtech)



Go to the Menu and click on Operations > Diagnostics > Ping


On target IP Address input we can ping an IP but we can add other command behind of “;” in this case, we are going to use an “id” command.

 


When we press OK, the result show us the user and groups.






 It’s time to automate!
 
Thanks to SamneZ for help me with the script on Python 😀



 Happy Hacking ! @CesarSilence

Javier

Autor

2 comentarios:

  1. hi, guy, can I study your python script? email:laowang0521@qq.com, appreciate it!♥♥♥

    ReplyDelete
  2. I did many times, but my script can not run as well -.- hope you can help me, thanks!

    ReplyDelete

 
biz.