ConnectWise ManagedITSync SQL Injection Vulnerability
Vulnerability information
Vulnerability name: ConnectWise ManagedITSync SQL Injection Vulnerability
Vulnerability ID:
- CVE: CVE-2017-18362
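Vulnerability type: SQL injection
Severity: Critical
Vulnerability description:
Affected product
ConnectWise ManagedITSync is an integration tool for Kaseya VSA, intended to help organizations automate IT management tasks. It is widely used in enterprise IT service management, particularly where integration with Kaseya VSA is required. Because it is so widely deployed, the vulnerability has a broad impact.
Vulnerability details
This is a SQL injection vulnerability. Because the ManagedIT.asmx page can be accessed without authentication, an attacker can execute arbitrary SQL queries without authenticating. The root cause is insufficient input validation, which lets an attacker manipulate the database by constructing malicious SQL statements.
Impact analysis
The security risk of this vulnerability is very high. An attacker can use it for remote command execution, and may then obtain sensitive data, disrupt services, or carry out other malicious actions. Because exploitation requires no authentication and the page is directly reachable over the network interface, the barrier to attack is low and exploitation is easy to automate. This can lead to widespread data leakage and service outages, and poses a serious threat to the operations and security of affected organizations.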
Vendor: ConnectWise
Product: ManagedITSync
Affected versions: through 2017 for Kaseya VSA
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12770
Type: projectdiscovery/nuclei-templates:github issues
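Since the record attributes the flaw to ManagedIT.asmx being reachable without authentication, one defensive check is to look for requests to that page in web server logs. The following is an added example, not code from the source issue or from ConnectWise; it assumes IIS W3C extended logs, and the sample rows, the PLACEHOLDER_DIR path and the function name find_managedit_hits are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample rows in IIS W3C extended format (not real traffic).
# PLACEHOLDER_DIR stands in for the real install path, which the page does not give.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs(User-Agent) sc-status
2019-02-01 10:00:01 GET /example/login.aspx - - 198.51.100.7 Mozilla/5.0 200
2019-02-01 10:00:09 POST /PLACEHOLDER_DIR/ManagedIT.asmx - - 203.0.113.44 ExampleClient/1.0 200
2019-02-01 10:00:12 POST /PLACEHOLDER_DIR/managedit.asmx - - 203.0.113.44 ExampleClient/1.0 500
2019-02-01 10:05:00 POST /PLACEHOLDER_DIR/ManagedIT.asmx - svc_sync 192.0.2.10 ExampleSync/2.0 200
2019-02-01 10:06:00 GET /PLACEHOLDER_DIR/NotManagedIT.asmx - - 198.51.100.7 Mozilla/5.0 404
"""

# Match the page name as a whole path segment; IIS paths are case-insensitive.
TARGET = re.compile(r"(^|/)ManagedIT\.asmx$", re.IGNORECASE)

def find_managedit_hits(log_text):
    """Summarize, per client IP, requests to ManagedIT.asmx in IIS W3C log text."""
    fields = []
    hits = defaultdict(lambda: {"total": 0, "anonymous": 0, "statuses": set()})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip malformed or truncated rows
        row = dict(zip(fields, values))
        if not TARGET.search(row.get("cs-uri-stem", "")):
            continue
        entry = hits[row.get("c-ip", "?")]
        entry["total"] += 1
        entry["statuses"].add(row.get("sc-status", "?"))
        if row.get("cs-username", "-") == "-":  # "-" means no authenticated user
            entry["anonymous"] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, info in sorted(find_managedit_hits(SAMPLE_LOG).items()):
        flag = "REVIEW" if info["anonymous"] else "ok"
        print(f"{flag:6} {ip:15} total={info['total']} anonymous={info['anonymous']} "
              f"statuses={sorted(info['statuses'])}")
```

IIS does not log request bodies, so these rows show who reached the page, not which queries were sent.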
Source summary
Description:
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA contains an unauthenticated remote command execution caused by an accessible ManagedIT.asmx page, letting attackers run arbitrary SQL queries without authentication. Exploitation requires access to the web interface.
Severity: Critical
POC:
KEV: True
Shodan Query: NA
Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data (-debug) along with the template to help the triage team with validation, or can also share a vulnerable environment like a Dockerfile.
Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.