CVE-2022-43689 Concrete CMS is vulnerable to XXE DNS requests that disclose IPs.

Requesting the MX hostname record for a subdomain leading to the server’s public IP address, for instance www.example.com, results in the delivery of the XXE payload to the receiving server. An attacker can exploit this bug by injecting a crafted DNS request with a maliciously constructed subdomain leading to the server’s public IP address. This results in the XXE payload being sent to the receiving server and could be leveraged to gain access to the server or even perform a DDoS attack.

All concrete5 versions between 8.5.9 and 9.0.3 are vulnerable. All concrete5 versions between 9.0.0 and 9.1.2 are also vulnerable. All concrete5 versions between 9.1.2 and 9.2.0 are vulnerable. All concrete5 versions between 9.2.0 and 9.3.0 are vulnerable. All concrete5 versions between 9.3.0 and 9.4.0 are vulnerable. All concrete5 versions between 9.4.0 and 9.5.0 are vulnerable. All concrete5 versions between 9.5.0 and 9.6.0 are not vulnerable. All concrete5 versions 9.6.0 and 9.7.0 are not vulnerable. All concrete5 versions between 9.7.0 and 9.8.0 are not vulnerable. All concrete5 versions between 9.8.0 and 9.9.0 are

Operation Scenarios

Exploitation of this flaw could result in the following scenario:

1. An attacker creates a subdomain called www.example.com that leads to the public IP address of the concrete5 server, and receives the XXE payload on their own server.
2. The attacker can leverage this flaw to perform a DDoS attack against the concrete5 server, or gain access to the server running concrete5 by sending a crafted DNS request with a maliciously constructed subdomain leading to the public IP address of the concrete5 server.
