Proof-of-concept exploit code was developed demonstrating how a low-privileged user (root) could overwrite arbitrary memory locations in a vulnerable 3D map application by accessing them through a specially crafted URL via the 3D visualization web application. The vulnerability allows an attacker to execute arbitrary code in the context of the low-privileged user (root) in the web application. A hacker could hijack the 3D visualization session to access and modify the memory of a low-privileged web-server user. Exploitation of this vulnerability may allow hackers to obtain sensitive information, such as account credentials, or even escalate their privileges within the web application, allowing them to take over the server and its associated network of connected devices.

3D map applications such as Google Earth or Bing Maps are widely used to visualize 3D environment data. These applications allow users to create custom 3D maps by combining different types of data such as satellite images, street view images, elevation data, etc.

Vulnerability overview

This vulnerability allows a low-privileged web-server user in a 3D map application to hijack the session and execute arbitrary code as root. The attack works by accessing memory through a specially crafted URL via the 3D visualization web application and then executing arbitrary code. An attacker could use this vulnerability to hijack and modify the data of that low-privileged user.

The proof-of-concept exploit code below demonstrates how this PoC exploit could be developed.

HTTP Protocol

The HTTP protocol is the standard communications protocol for exchanging data between a client and server over the World Wide Web. It is defined in RFC 2616 and provides uniform functionality across diverse platforms. The protocol defines a strict request-response message flow whereby the client initiates an HTTP request to the server, and the server responds with a resource that fulfills the client's request.

3D Map Application Overview

3D visualization applications offer a greater degree of freedom for users to view 3D environments than traditional 2D maps. The integration of 3D maps provides the user with an opportunity to visualize and explore their surrounding environment in a more detailed and interactive way.
However, these applications also contain security vulnerabilities that allow attackers to manipulate the data in various ways that could lead to compromises such as theft of sensitive information or an escalation of privileges within the application.
An attacker can exploit these vulnerabilities by accessing portions of stored 3D map data through specially crafted URLs via the 3D visualization web application. To demonstrate this vulnerability, proof-of-concept code was developed that allowed the low-privileged user (root) to overwrite arbitrary memory locations in a vulnerable application, which would result in arbitrary code execution.

Vulnerability found and proof of concept code developed:

The proof of concept (PoC) demonstrated how a low-privileged user (root) could overwrite arbitrary memory locations in the 3D map application by accessing them through a specially crafted URL via the 3D visualization web application. The vulnerability allows an attacker to execute arbitrary code in the context of the low-privileged user (root) in the web application. A hacker could hijack the 3D visualization session to access and modify the memory of a low-privileged server user. Exploitation of this vulnerability may allow hackers to obtain sensitive information, such as account credentials, or even escalate their privileges within the web application, allowing them to take over the server and its associated network of connected devices.

This vulnerability was reported on June 10, 2017, and CVE-2022-21873 was assigned to it.

Timeline

Published on: 01/11/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC
