DNN (DotNetNuke) 5.2.0 < 9.1.1 Multiple Vulnerabilities

high Nessus Plugin ID 101397

Synopsis

The remote web server contains an ASP.NET application that is affected by multiple vulnerabilities.

Description

The version of DNN Platform (formerly DotNetNuke) running on the remote host is 5.2.0 or later but prior to 9.1.1. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability exists due to insecure use of web cookies to identify users. An unauthenticated, remote attacker can exploit this, by impersonating a user and uploading malicious code to the server, to execute arbitrary code. This vulnerability affects all versions from 7.0.0 to 9.1.0.

- A flaw exists due to an overly permissive HTML5 message posting policy when handling cross-document messaging. An unauthenticated, remote attacker can exploit this to conduct a spoofing attack or to disclose sensitive information. This vulnerability affects all versions from 8.0.0 to 9.1.0.

- A cross-site redirection vulnerability exists due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect users to a website of the attacker's choosing. This vulnerability affects all versions from 7.0.0 to 9.1.0.

- A remote code execution vulnerability exists due to a failure to properly validate file types and extensions for uploaded files before placing them in a user-accessible path. An authenticated, remote attacker can exploit this to execute arbitrary code with the privileges of the web service. This vulnerability affects all versions from 5.2.0 to 9.1.0.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to DNN Platform version 9.1.1 or later.

See Also

http://www.nessus.org/u?a950f08f

https://www.dnnsoftware.com/community/security/security-center

http://www.nessus.org/u?1d53b62d

Plugin Details

Severity: High

ID: 101397

File Name: dotnetnuke_9_1_1.nasl

Version: 1.16

Type: remote

Family: CGI abuses

Published: 7/12/2017

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2017-9822

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:dotnetnuke:dotnetnuke

Required KB Items: installed_sw/DNN

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/5/2017

Vulnerability Publication Date: 7/5/2017

CISA Known Exploited Vulnerability Due Dates: 5/3/2022

Exploitable With

Metasploit (DotNetNuke Cookie Deserialization Remote Code Excecution)

Reference Information

CVE: CVE-2017-9822