Unrestricted remote administrative access to a vulnerable device could be accomplished through ARP poisoning, ARP cache poisoning, ARP spoofing, MITM attack, etc. An attacker could send maliciously crafted requests to access sensitive data, extract data, etc. This vulnerability can be exploited remotely via a HTTP request. Few of the common vulnerable devices are: - All popular cloud platforms - Virtualized or cloud based devices - Cloud based applications - IoT devices - Remote management systems - Email Servers - CMS like WordPress, Drupal, Microsoft SQL, Joomla, etc. - CRM systems - Hosted/Cloud based file hosting/sharing/ social networking systems - Online shopping/retail/e-commerce systems - Online gaming/social networking/media distribution systems - Any other cloud/hosted/cloud based devices/systems that transmit sensitive data in cleartext over HTTP protocol. A remote attacker could exploit this vulnerability to access sensitive data. REFERENCES: MITRE - https://web.nvd.nist.gov/view/vuln/Detail

In the following PoC you can see how to send a ARP poisoning request to ARP Poisoning Request in HTTP Request.

html> body> form method="GET" action="http://192.168.1.1/cgi-bin/form.cgi"> p> p> input type="hidden" name="cmd" value="arp">

ARP Poisoning Explained html

> body> form method="GET" action="http://192.168.1.1/cgi-bin/form.cgi"> p> p> input type="hidden" name="cmd" value="arp">

Timeline

Published on: 11/10/2022 15:15:00 UTC
Last modified on: 11/10/2022 15:22:00 UTC

References