Detections
Analytics

Untangle NG Firewall Captive Portal RCE

critical Nessus Plugin ID 92321

Language:

Synopsis

The Untangle NG Firewall server running on the remote host is affected by a remote code execution vulnerability.

Description

The Untangle NG Firewall server running on the remote host is affected by a remote code execution vulnerability in the Captive Portal module, specifically within the /capture/handler.py script, due to a failure to verify that a user is authenticated before processing file uploads. An unauthenticated, remote attacker can exploit this to execute arbitrary code, by uploading a crafted file and then accessing it through an HTTP request.

Solution

There is no known fix for this vulnerability at this time. To mitigate the issue, remove the Captive Portal module.

See Also

https://blogs.securiteam.com/index.php/archives/2724

Plugin Details

Severity: Critical

ID: 92321

File Name: untangle_custom_python_upload.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 7/15/2016

Updated: 6/29/2021

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vulnerability.

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

Vulnerability Information

CPE: cpe:/a:untangle:ng_firewall

Required KB Items: installed_sw/Untangle NG Firewall

Vulnerability Publication Date: 7/4/2016