CVE-2022-28771 API version 10.0 has an authentication check that can be bypassed by an unauthenticated attacker.

CVE-2022-28771 API version 10.0 has an authentication check that can be bypassed by an unauthenticated attacker.

This issue can be exploited over Telnet, SSH, or through an insecure web interface. In most cases, this type of attack is done through the help desk application. Due to the missing authentication, anyone can send the attacker any document over the network. Due to this weakness, any unauthenticated attacker can do the following: - Send a crafted request to the help desk application; - This can be done via the insecure web interface; - End users can send any document over the network. Due to the missing authentication, an attacker can do any of the following. - Change the help desk settings; - Change the help desk settings and completely block a certain user; - Send a crafted request to the help desk application; - This can be done via the insecure web interface; - End users can send any document over the network. Due To the missing authentication, any unauthenticated attacker can do any of the following. - Change the help desk settings; - Change the help desk settings and completely block a certain user; - Send a crafted request to the help desk application; - This can be done via the insecure web interface; - End users can send any document over the network.

Vulnerability Finding Tips

If you’re having a hard time finding the vulnerability that corresponds to your CVE, try using the search bar at https://cve.mitre.org/. If you still can’t find it, use your favorite search engine and type in “CVE-2022-28771.”

How do I know if my environment is vulnerable?

If your environment is vulnerable, you should be aware of the following: - You have unauthenticated access to the help desk application on your server; - Your environment has more than one server and you are able to get the information from one of them.
If your environment is vulnerable, you should be aware of the following: - You have unauthenticated access to the help desk application on your server; - Your environment has more than one server and you are able to get the information from one of them.

How to Check Help Desk Settings

Unauthenticated attackers can change the help desk settings on the help desk application and completely block a certain user. To check this, we need to use the following steps:
1) Set up a listener on port 8080 of your local IP address (e.g. 192.168.1.2).
2) If you are located behind NAT/firewall, then use your public IP address instead of your local IP address (e.g. 10.0.0.18).
3) You should see the following in your listening log:
Cisco Systems Inc., Catalyst 6000 series, IOS 12.4(4)T7
- UDP src 10.0.0.18:23  - UDP dst 10.0.0  - Source port 23  - Destination port 8080  UDP packets: sent 1, received 0
- Success rate 0%
5) Enter "show run" at the command prompt and press enter to show all commands in running configuration, then enter "show run user access list" and press enter to view all users that have access to show run commands in running configuration:
6) You should see a line for "bob". This is who has access to show run commands in running configuration:
7) Enter "show run user account" and press enter to view all accounts that have access to show run commands in running configuration:
8) A username list will

FAQ

Q: What can the attacker do?
A: The attacker can send a crafted request to the help desk application and this can be done via the insecure web interface.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe