### Critical Vulnerability Information

#### Vulnerability Overview

- **Product**: Zenoss 3.2.1
- **Affected Versions**: 3.x to 4.1.70 1402
- **Severity**: Multiple security vulnerabilities could allow attackers to take control of the software

#### Vulnerability Details

##### Arbitrary Command Execution (Requires Authenticated Session)

- **Description**: The `show_device_config.cgi` function mishandles the `device` parameter, allowing a malicious authenticated user to execute arbitrary commands.
- **Example**:

```bash
http://zenoss-host:8080/zport/dmd/Devices/configDevice?device=;id=`whoami`
```

##### Stored Cross-Site Scripting (XSS) (Requires Authenticated Session)

- **Description**: Stored XSS vulnerabilities exist on multiple pages, allowing injection of malicious scripts.
- **Example**:

```html
alert('XSS')
```

##### Open Redirect (Requires Authenticated Session)

- **Description**: An open redirect vulnerability exists, allowing users to be redirected to arbitrary URLs.
- **Example**:

```http
http://zenoss-host:8080/zport/dmd/users/loginHelper/login?came_from=http://evil.com/
```

##### Cross-Site Request Forgery (CSRF) (Requires Authenticated Session)

- **Description**: A CSRF vulnerability exists, enabling unauthorized operations to be performed on behalf of a logged-in user.
- **Example**:

```http
http://zenoss-host:8080/zport/dmd/devices?action=addDevice&deviceName=maliciousHost&path=/zport/dmd/Devices/Servers/Linux&action=Add+Device
```

##### Directory Traversal (Requires Authenticated Session)

- **Description**: A directory traversal vulnerability exists, allowing access to restricted files.
- **Example**:

```http
http://zenoss-host:8080/zport/dmd/etc/passwd?target=../../../../etc/passwd
```

#### References

- OWASP Command Injection
- OWASP Cross-Site Scripting (XSS)
- OWASP Cross-Site Request Forgery (CSRF)
- OWASP Open Redirect
- OWASP Path Traversal
- OWASP Information Leakage
- OWASP Full Path Disclosure

This summary outlines multiple critical security vulnerabilities present in Zenoss 3.2.1 and their exploitation methods.
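For defenders, the request patterns above can be hunted for in web-server access logs. The following is an added Python example, not Zenoss code: the log lines are constructed, and the host name `zenoss-host:8080` and the parameter names `device`, `came_from` and `target` are taken from the example URLs in this summary.

```python
import re
from typing import Dict, List
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (Apache-style); not real Zenoss traffic.
SAMPLE_LOG = """\
10.0.0.5 - admin [01/Jan/2024:10:00:01 +0000] "GET /zport/dmd/Devices/configDevice?device=;id=`whoami` HTTP/1.1" 200 512
10.0.0.5 - admin [01/Jan/2024:10:00:02 +0000] "GET /zport/dmd/users/loginHelper/login?came_from=http://evil.com/ HTTP/1.1" 302 0
10.0.0.5 - admin [01/Jan/2024:10:00:03 +0000] "GET /zport/dmd/etc/passwd?target=../../../../etc/passwd HTTP/1.1" 200 1024
10.0.0.6 - bob [01/Jan/2024:10:00:04 +0000] "GET /zport/dmd/Devices/configDevice?device=web01 HTTP/1.1" 200 512
10.0.0.6 - bob [01/Jan/2024:10:00:05 +0000] "GET /zport/dmd/users/loginHelper/login?came_from=/zport/dmd HTTP/1.1" 302 0
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" (?P<status>\d+)')
SHELL_META = re.compile(r"[;|&`$]")  # characters that end or nest a shell command


def query_params(url: str) -> Dict[str, List[str]]:
    """Split the query on '&' only and percent-decode; done by hand because
    older parse_qs also splits on ';', which would hide the injected ';id=...'."""
    params: Dict[str, List[str]] = {}
    for pair in filter(None, urlsplit(url).query.split("&")):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def classify(url: str, local_host: str = "zenoss-host:8080") -> List[str]:
    """Return the vulnerability classes from this summary that a request URL matches."""
    params = query_params(url)
    findings = []
    if any(SHELL_META.search(v) for v in params.get("device", [])):
        findings.append("command-injection")
    for dest in params.get("came_from", []):
        t = urlsplit(dest)  # a foreign host (incl. //host) or a bare scheme leaves the site
        if (t.netloc and t.netloc != local_host) or (t.scheme and not t.netloc):
            findings.append("open-redirect")
    if any(".." in v for v in params.get("target", [])):
        findings.append("directory-traversal")
    return findings


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one record per log line matching at least one pattern."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and (findings := classify(m["url"])):
            hits.append({"ip": m["ip"], "user": m["user"], "url": m["url"], "findings": findings})
    return hits
```

Because values are percent-decoded before matching, encoded variants such as `target=..%2F..%2Fetc%2Fpasswd` are caught as well; the CSRF case needs Referer/Origin context that a plain request line does not carry, so it is not scored here.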