关联漏洞
描述
Detection Artefact Generator for Dell UnityVSA CVE-2025-36604
介绍
# watchTowr-vs-Dell-UnityVSA-CVE-2025-36604
Detection Artifact Generator for Dell UnityVSA CVE-2025-36604
https://github.com/user-attachments/assets/28488a97-7845-4b78-9fe7-64b9172ab023
See our [blog post](https://labs.watchtowr.com/) for technical details
# Detection in Action
```
python watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604.py --target https://192.168.5.45/ --command "touch /tmp/boom"
__ ___ ___________
__ _ ______ _/ |__ ____ | |_\__ ____\____ _ ________
\ \/ \/ \__ \ ___/ ___\| | \| | / _ \ \/ \/ \_ __ \
\ / / __ \| | \ \___| Y | |( <_> \ / | | \/
\/\_/ (____ |__| \___ |___|__|__ | \__ / \/\_/ |__|
\/ \/ \/
watchTowr-vs-Dell-UnityVSA-CVE-2025-36604.py
(*) Dell UnityVSA Unauthenticated Remote Command Injection Detection Artifact Generator
- Sina Kheirkhah (@SinSinology) of watchTowr (@watchTowrcyber)
CVEs: [CVE-2025-36604]
[+] Sent exploit to https://192.168.5.45
```
# Description
This script attempts to detect if Dell UnityVSA is vulnerable to CVE-2025-36604
# Affected Versions
Versions prior to 5.5.1 are affected by this issue
For more information visit [Dell UnityVSA Security Update Notes](https://www.dell.com/support/kbdoc/en-uk/000350756/dsa-2025-281-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities)
# Follow [watchTowr](https://watchTowr.com) Labs
For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team
- https://labs.watchtowr.com/
- https://x.com/watchtowrcyber
文件快照
[4.0K] /data/pocs/e6fcd28689b6cbf52693a738df16136ea7e4d204
├── [1.7K] README.md
└── [1.4K] watchTowr-vs-Dell-UnityVSA-PreAuth-CVE-2025-36604.py
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。