VisualWare MyConnection Server 11.x Remote Code Execution via Unrestricted File Upload (CVE-2021-27198)

Document Title: VisualWare MyConnection Server 11.x Remote Code Execution Vulnerability CVE Name: CVE-2021-27198 Vulnerability Class: CWE-434: Unrestricted Upload of File with Dangerous Type Impact: Remote Code Execution Exploitability: - Remotely Exploitable: Yes - Locally Exploitable: Yes Release Date: 2020-02-25 Affected Product(s): VisualWare MyConnection Server 11.0 through 11.0b build 5382 Severity Level: High Vulnerability Description: An unauthenticated remote code execution vulnerability was discovered in VisualWare MyConnection Server 11.0 through 11.0b build 5382. The web endpoint at "https://example.com/myspeed/sf" allows an unauthenticated user to upload an arbitrary file to an arbitrary location via a specially crafted POST request. This application is written in Java and is therefore cross-platform. The Windows installation runs the web server as SYSTEM, meaning exploitation grants Administrator privileges on the target system. Vulnerability Disclosure Timeline: - 2021-01-11: Contacted VisualWare about the issue via website contact form - 2021-02-03: Emailed multiple VisualWare POCs requesting disclosure assistance - 2021-02-11: Requested CVE from MITRE for the vulnerability - 2021-02-12: Messaged the lead VisualWare developer on LinkedIn after noticing they had viewed my profile; I assume this was due to my previous attempts to contact them - 2021-02-18: Notified VisualWare again via website contact form and informed them I would disclose the vulnerability if they did not respond - 2021-02-25: Publicly releasing the vulnerability due to the company’s refusal to respond to any attempts to coordinate disclosure

Goal Reached Thanks to every supporter — we hit 100%!

VisualWare MyConnection Server 11.x Remote Code Execution via Unrestricted File Upload (CVE-2021-27198)

More from this source