【网络运维渗透团队已经累计向CNVD提供100+通用漏洞】
目录
1.漏洞概述
2.影响版本
3.漏洞等级
4.漏洞复现
5.Nuclei自动化扫描POC
6.修复建议
1.漏洞概述
北京神州绿某科技有限公司是国内安全厂商,旗下的绿盟综合威胁探针 UTS 搭载IDS和WAF双检测引擎系统,结合威胁情报、恶意文件检测、DDoS检测、Webshell检测和异常行为检测等手段能快速检测传统威胁和高级威胁。
北京神州绿某科技有限公司UTS综合威胁探针存在信息泄露漏洞,攻击者可利用该漏洞获取敏感信息。
CNVD:https://www.cnvd.org.cn/flaw/show/CNVD-2022-50360(已确认编号)
2.影响版本
UTS统一威胁探针
3.漏洞等级
中危
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
cvss-score: 5.8
4.漏洞复现
POC:
(请扫码阅读原文获取)
可获取用户名密码。
账号:admin
密码解密:
账号:auditor
密码解密:
5.Nuclei自动化扫描POC
(请扫码阅读原文获取)
6.修复建议
厂商已提供漏洞修补方案,请关注厂商主页及时更新:https://www.nsfocus.com.cn/
知法懂法,请各位网络安全从业者遵守《网络安全法》、《个人信息保护法》
知法懂法,请各位网络安全从业者遵守《网络安全法》、《个人信息保护法》
业*&&&务**&&联&&&*&&系
XHU3ZjUxXHU3ZWRjXHU4ZmQwXHU3ZWY0XHU2ZTE3XHU5MDBmXHU1NmUyXHU5NjFmXHUyMDBiXHU2MjdmXHU2M2E1XHVmZjFhXHVhXHUwMDMxXHUwMDJlXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4YmMxXHU0ZTY2XHU2MzE2XHU2Mzk4XHVmZjFiXHVhXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4ZDJkXHU0ZTcwXHU4OWM0XHU1MjE5XHVmZjFhXHVhXHU3ZjE2XHU1M2Y3XHU3YzdiXHVmZjFhXHVhXHU5XHU5MDFhXHU3NTI4XHU1NzhiXHU0ZTJkXHU1MzcxXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU3ZjE2XHU1M2Y3XHVmZjFhXHUwMDMyXHUwMDMwXHUwMDMwXHVhXHU5XHU5MDFhXHU3NTI4XHU1NzhiXHU5YWQ4XHU1MzcxXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU3ZjE2XHU1M2Y3XHVmZjFhXHUwMDM1XHUwMDMwXHUwMDMwXHVhXHU5XHU4YmY0XHU2NjBlXHVmZjFhXHU5MDFhXHU3NTI4XHU1NzhiXHU2ZjBmXHU2ZDFlXHU3ZjE2XHU1M2Y3XHU0ZTNiXHU4OTgxXHU5NDg4XHU1YmY5XHU1ZjAwXHU2ZTkwXHU3YTBiXHU1ZThmXHVmZjBjXHU1MTZjXHU1M2Y4XHU4ZDQ0XHU0ZWE3XHU2NzJhXHU4ZmJlXHU1MjMwXHUwMDM1XHUwMDMwXHUwMDMwXHUwMDMwXHU0ZTA3XHU0ZWU1XHU0ZTBhXHU3Njg0XHU1MzgyXHU1YmI2XHU0ZWE3XHU1NGMxXHUzMDAyXHVhXHVhXHU4YmMxXHU0ZTY2XHU3YzdiXHVmZjFhXHVhXHUwMDIwXHUwMDIwXHU5YWQ4XHU1MzcxXHU0ZThiXHU0ZWY2XHU1NzhiXHU4YmMxXHU0ZTY2XHVmZjFhXHUwMDMxXHUwMDMwXHUwMDMwXHUwMDMwXHVhXHVhXHUwMDIwXHUwMDIwXHU0ZTJkXHU1MzcxXHU5MDFhXHU3NTI4XHU1NzhiXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4YmMxXHU0ZTY2XHVmZjFhXHVhXHU5XHU5XHUwMDIwXHUwMDIwXHUwMDIwXHU2NzJhXHU2Mzg4XHU2NzQzXHU0ZWZiXHU2MTBmXHU2NTg3XHU0ZWY2XHU0ZTBiXHU4ZjdkXHUwMDJmXHU4YmZiXHU1M2Q2XHU3YzdiXHU2ZjBmXHU2ZDFlXHVmZjFhXHUwMDM3XHUwMDMwXHUwMDMwXHVhXHU5XHU5XHUwMDIwXHUwMDIwXHUwMDIwXHU1MTc2XHU0ZWQ2XHU2NzJhXHU2Mzg4XHU2NzQzXHU4YmJmXHU5NWVlXHUzMDAxXHU0ZmUxXHU2MDZmXHU2Y2M0XHU5NzMyXHU3YzdiXHU2ZjBmXHU2ZDFlXHVmZjFhXHUwMDM2XHUwMDMwXHUwMDMwXHVhXHVhXHU5YWQ4XHU1MzcxXHU5MDFhXHU3NTI4XHU1NzhiXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4YmMxXHU0ZTY2XHVmZjFhXHVhXHU5XHU5XHUwMDIwXHUwMDIwXHUwMDIwXHU1M2VmXHU3NmY0XHU2M2E1XHU4M2I3XHU1M2Q2XHUwMDczXHUwMDY4XHUwMDY1XHUwMDZjXHUwMDZjXHU3YzdiXHVmZjA4XHUwMDUyXHUwMDQzXHUwMDQ1XHUwMDJmXHU0ZWZiXHU2MTBmXHU2NTg3XHU0ZWY2XHU0ZTBhXHU0ZjIwXHVmZjA5XHVmZjFhXHUwMDMyXHUwMDMwXHUwMDMwXHUwMDMwXHVhXHU5XHU5XHUwMDIwXHUwMDIwXHUwMDIwXHUwMDUzXHUwMDUxXHUwMDRjXHU2Y2U4XHU1MTY1XHU3YzdiXHVmZjFhXHUwMDMxXHUwMDM1XHUwMDMwXHUwMDMwXHVhXHVhXHU4YmY0XHU2NjBlXHVmZjFhXHU5MDFhXHU3NTI4XHU1NzhiXHUwMDJmXHU0ZThiXHU0ZWY2XHU1NzhiXHUwMDIwXHU5YWQ4XHU1MzcxXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4YmMxXHU0ZTY2XHU0ZTNiXHU4OTgxXHU5NDg4XHU1YmY5XHU1MTZjXHU1M2Y4XHU4ZDQ0XHU0ZWE3XHU4ZmJlXHU1MjMwXHUwMDM1XHUwMDMwXHUwMDMwXHUwMDMwXHU0ZTA3XHU0ZWU1XHU0ZTBhXHU3Njg0XHU1MzgyXHU1YmI2XHU0ZWE3XHU1NGMxXHVmZjBjXHU0ZTE0XHU2ZjBmXHU2ZDFlXHU3NzFmXHU1YjllXHU1YjU4XHU1NzI4XHU4MGZkXHU1ZTI2XHU2NzY1XHU1ZGU4XHU1OTI3XHU1MzcxXHU1YmIzXHUzMDAyXHVhXHU2Y2U4XHU2MTBmXHVmZjFhXHU4ZDJkXHU0ZTcwXHU5YWQ4XHU1MzcxXHVmZjFhXHUwMDQzXHUwMDRlXHUwMDU2XHUwMDQ0XHU4YmMxXHU0ZTY2XHU3ZWVkXHU3YjdlXHU2MjdmXHU4YmZhXHU0ZTY2XHVmZjBjXHU0ZWU1XHU0ZmRkXHU4YmMxXHU0ZTBkXHU3NTI4XHU0ZThlXHU4ZmRkXHU2Y2Q1XHU3MmFmXHU3ZjZhXHUzMDAyXHVhXHVhXHU1MTQ4XHU0ZWQ4XHU1YjlhXHU5MWQxXHVmZjBjXHU1MThkXHU3ZWQ5XHU2MmE1XHU1NDRhXHVmZjBjXHU1OTgyXHU2ZjBmXHU2ZDFlXHU0ZTBkXHU5MDFhXHU4ZmM3XHVmZjBjXHU1M2VmXHU5NjhmXHU2NWY2XHU2MjdlXHU2MjExXHVmZjBjXHU1YmY5XHU1YmEyXHU2MjM3XHU0ZTAwXHU1YjlhXHU4ZDFmXHU4ZDIzXHU1MjMwXHU1ZTk1XHUzMDAyXHVhXHU5XHVhXHU4ZDJkXHU0ZTcwXHU1NmRiXHU0ZTJhXHU0ZTJkXHU1MzcxXHU2ZjBmXHU2ZDFlXHU4YmMxXHU0ZTY2XHUwMDJiXHU4ZDYwXHU5MDAxXHU0ZTAwXHU0ZTJhXHU0ZTJkXHU1MzcxXHU2ZjBmXHU2ZDFlXHU4YmMxXHU0ZTY2XHVhXHU4ZDJkXHU0ZTcwXHU0ZTI0XHU0ZTJhXHU5YWQ4XHU1MzcxXHU2ZjBmXHU2ZDFlXHU4YmMxXHU0ZTY2XHU0ZTAwXHU0ZTJhXHU0ZTJkXHU1MzcxXHU2ZjBmXHU2ZDFlXHU4YmMxXHU0ZTY2XHUwMDJiXHU4ZDYwXHU5MDAxXHU0ZTAwXHU0ZTJhXHU0ZTJkXHU1MzcxXHU2ZjBmXHU2ZDFlXHU4YmMxXHU0ZTY2XHVhXHVhXHUwMDMyXHUwMDJlXHU2ZTE3XHU5MDBmXHU2ZDRiXHU4YmQ1XHVmZjA4XHU0ZTAwXHU0ZTJhXHU3Y2ZiXHU3ZWRmXHUwMDM4XHUwMDMwXHUwMDMwXHUwMDdlXHUwMDMxXHUwMDMwXHUwMDMwXHUwMDMwXHUwMDUyXHUwMDRkXHUwMDQyXHU0ZTAwXHU2YjIxXHU2ZTE3XHU5MDBmXHVmZjA5XHVmZjFiXHVhXHVhXHUwMDMzXHUwMDJlXHU3ZWEyXHU5NjFmXHU4YmM0XHU0ZjMwXHVmZjA4XHU3YTgxXHU3ODM0XHU4ZmRiXHU1MTg1XHU3ZjUxXHU3ZWQzXHU2YjNlXHVmZjBjXHU3NzBiXHU4M2I3XHU1M2Q2XHU2NzQzXHU5NjUwXHU3ZWQzXHU2YjNlXHVmZjFhXHUwMDM1XHUwMDMwXHUwMDMwXHUwMDMwXHUwMDdlXHUwMDMxXHUwMDMwXHUwMDU3XHVmZjA5XHVmZjFiXHVhXHVhXHUwMDM0XHUwMDJlXHU2MmE0XHU3ZjUxXHVmZjA4XHU1ZTAyXHU2MmE0XHU3ZjUxXHU0ZTAwXHU1MjA2XHUwMDM4XHUwMDdlXHUwMDMxXHUwMDMwXHU1MTQzXHUzMDAxXHU3NzAxXHU2MmE0XHU3ZjUxXHU0ZTAwXHU1MjA2XHUwMDMxXHUwMDMwXHUwMDdlXHUwMDMxXHUwMDM1XHU1MTQzXHUzMDAxXHU1NmZkXHU2MmE0XHU0ZTAwXHU1MjA2XHUwMDMxXHUwMDM1XHUwMDdlXHUwMDMzXHUwMDMwXHU1MTQzXHVmZjA5XHVmZjFiXHVhXHVhXHUwMDM1XHUwMDJlXHU0ZWUzXHU3ODAxXHU1YmExXHU4YmExXHVmZjA4XHU0ZTAwXHU4ODRjXHU0ZWUzXHU3ODAxXHU0ZTAwXHU1MTQzXHVmZjBjXHU1YzAxXHU5ODc2XHUwMDMyXHUwMDU3XHVmZjA5XHVmZjFiXHVhXHVhXHUwMDM2XHUwMDJlXHU1ZTk0XHU2MDI1XHU1NGNkXHU1ZTk0XHVmZjA4XHU3ZWJmXHU0ZTBhXHU4ZmRjXHU3YTBiXHVmZjFhXHUwMDM5XHUwMDMwXHUwMDMwXHU0ZTAwXHU2YjIxXHVmZjBjXHU3ZWJmXHU0ZTBiXHVmZjFhXHUwMDMxXHUwMDM1XHUwMDMwXHUwMDMwXHU0ZTAwXHU2YjIxXHVmZjA5XHVhXHVhXHVhXHU4MDU0XHU3Y2ZiXHU1ZmFlXHU0ZmUxXHVmZjA4XHU1MmE5XHU3NDA2XHU1YzBmXHU1OWQwXHU1OWQwXHVmZjA5XHVmZjFhXHUwMDUyXHUwMDYxXHUwMDYyXHUwMDYyXHUwMDY5XHUwMDc0XHUwMDJkXHUwMDRiXHUwMDYxXHUwMDcyXHUwMDY1XHUwMDZlXHUwMDcyXHUwMDMy
(base64转unicode解密)
更多文章请前往:https://blog.csdn.net/qq_41490561
往期推荐
原文始发于微信公众号(网络运维渗透):【漏洞预警/复现】绿某科技集团股份有限公司UTS统一威胁探针信息泄露漏洞复现 CNVD-2022-50360
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论