Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution

critical Web App Scanning Plugin ID 98997

Synopsis

Kentico CMS 9.x < 10.0.52 / 11.0.x < 11.0.48 / 12.0.x < 12.0.15 Remote Code Execution

Description

Kentico CMS is a common ASP.NET Content Management System (CMS) used for building websites and online stores.

Kentico CMS versions 9 to 10.0.51, 11.0.0 to 11.0.47 and 12.0.0 to 12.0.14 perform unsafe .NET object deserialization through the /CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData URI, allowing unauthenticated attackers to achieve remote code execution on the target application.

Solution

Upgrade to at least version 12.0.15 for 12.0.x, version 11.0.48 for 11.0.x, and version 10.0.52 for 10.0.x and 9.x. As an immediate workaround, enable X.509 authentication for the Staging service, as described by the vendor.

See Also

http://devnet.kentico.com/download/hotfixes

https://blog.gdssecurity.com/labs/2019/4/15/unauthenticated-remote-code-execution-in-kentico-cms.html

https://dreadlocked.github.io/2019/10/25/kentico-cms-rce/

Plugin Details

Severity: Critical

ID: 98997

Type: remote

Published: 4/9/2020

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-10068

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2019-10068

Vulnerability Information

CPE: cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

CISA Known Exploited Vulnerability Due Dates: 4/15/2022

Reference Information

CVE: CVE-2019-10068