Integria IMS Remote Code Execution

Posted date 06/10/2021
Importance
5 - Critical
Affected Resources

Integria IMS version 5.0.92.

Description

INCIBE has coordinated the publication of a vulnerability in Integria IMS, with the internal code INCIBE-2021-0404, which has been discovered by @nag0mez (special mention to @_Barriuso).

CVE-2021-3832 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Solution

Check of authenticated user before uploading files. In addition, blacklist of not allowed extensions. This vulnerability has been solved in Integria IMS 5.0 93.

Detail

Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. An unauthenticated attacker could abuse the AsyncUpload() function in order to exploit the vulnerability.

This vulnerability has been solved in Integria IMS 5.0 93.

CWE-434: Unrestricted Upload of File with Dangerous Type.

TIMELINE:

08/04/2021 - Researchers discovery.
09/04/2021 - Researchers contact with INCIBE.
20/05/2021 - Integria IMS confirms that the fix version and the release software patch have been published (Security Patch).
06/10/2021 - The advisory is published by INCIBE.

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración

References list