Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-37298 PoC — Shinken 授权问题漏洞

Source
https://github.com/dbyio/cve-2022-37298
Associated Vulnerability
Title:Shinken 授权问题漏洞 (CVE-2022-37298)
Description:Shinken是Gabès Jean个人开发者的一个现代的、Nagios 兼容的监控框架。 Shinken Monitoring 2.4.3 版本存在授权问题漏洞,该漏洞源于不正确的访问控制。shinken/safepickle.py 中的 SafeUnpickler 类在从监控节点传递到 Shinken 监控服务器时使用了弱身份验证方案。
Description
CVE-2022-37298 Shinken Monitoring
Readme
# CVE-2022-37298: RCE in Shinken Monitoring 

**Versions affected:** 2.4.3  
**Disclosure link:** https://github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2  
**CVE link:** https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37298  
  
## Description

The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme (actually no authentication at all) when unserializing objects passed from legitimate monitoring nodes to the Shinken server. A remote attacker can craft and send a pickle object instantiating an internal, implicitly trusted Shinken object; some of which can be leveraged to execute arbitrary code on the monitoring server itself.

### Usage
`python CVE-2022-37298.py` 

![poc](https://user-images.githubusercontent.com/12803470/199597211-e142b785-d457-4d06-8a26-3603ab014b09.gif)
File Snapshot

 [4.0K]  /data/pocs/633b173b27ef5daffdf683c62e55f6143b81140b
├── [1009]  CVE-2022-37298.py
└── [ 857]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.