Bitrix Site Manager is a widely used, popular content management system (CMS), which enables users to easily build, manage, and update websites. Recently, a critical security vulnerability was discovered in the Vote module of Bitrix Site Manager before version 21..100. This article will provide a deep dive into the details of the vulnerability, designated as CVE-2022-27228, which allows remote unauthenticated attackers to execute arbitrary code on affected systems. The security implications of this vulnerability are severe, as an exploit could allow attackers to take full control, steal sensitive data, or perform other malicious activities on vulnerable websites. To mitigate this risk, it's crucial to understand the vulnerability and apply necessary security updates.

Code Snippet

The vulnerable code is found in the Vote module, specifically in the file vote_call.php. The following problematic code snippet is responsible for the security issue:

//...
$voteID = intval($_REQUEST["VOTE_ID"]);
$vote = CVote::GetByID($voteID);
//...

As seen above, the vulnerable code allows attackers to manipulate the input parameter VOTE_ID directly, leading to arbitrary code execution.

* Bitrix Site Manager: https://www.bitrixsoft.com

* Bitrix Security Update: https://www.bitrixsoft.com/support/troubleshooting_vote_module_remote_code_execution_rce_patch.php

* CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27228

* National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2022-27228

An attacker could exploit this vulnerability by sending a crafted HTTP request

GET /bitrix/admin/vote_call.php?VOTE_ID=[payload]&ACTION=xxx HTTP/1.1
Host: victim.example.com

In the request above, the attacker replaces [payload] with malicious code designed to run on the target system. Since the target system doesn't validate or sanitize the input VOTE_ID, the malicious code can be executed without authentication.

Upon successful exploitation, an attacker can execute arbitrary code on the victim's system with privileges of the underlying web server. This could lead to numerous security implications, including unauthorized access, data breaches, and other devastating attacks on the targeted system.

Conclusion and Recommendations

To protect your Bitrix Site Manager installation from the CVE-2022-27228 vulnerability, take the following steps:

Update Bitrix Site Manager to version 21..100 or later.

2. Follow the security best practices provided by Bitrix for securing your website, including strong access controls, regular security updates, and thorough monitoring.

Stay aware of emerging threats and vulnerabilities, and ensure that you are subscribed to Bitrix's security updates and announcements to receive timely security notifications.

Timeline

Published on: 03/22/2022 18:15:00 UTC
Last modified on: 03/28/2022 20:40:00 UTC