本期话题:Greekn爱分析第四期(漏洞动态跟踪方法)
当需要跟踪一个新的CVE编号的漏洞动态,有什么方法。可以通过ATTACKERKB这个项目进行开展工作,ATTACKERKB项目是由Rapid7官方支持的一个漏洞评估交流平台,通过借助社区的力量去评估一个新爆发的通用型漏洞,收集整理关于新的漏洞技术指标,来评估漏洞是否会被威胁参与者利用,或者漏洞是否值得修补。
官网链接:https://attackerkb.com/
我们还是按照上篇文章,Greekn爱分析第三期(如何理解网络中的漏洞动态)。
链接:https://mp.weixin.qq.com/s/ANfHj0d2Cgn2VJeOr8j89g
里面提到的漏洞技术指标进行搜索演示:
1.CVE漏洞编号定义漏洞身份
当我们对一个CVE漏洞编号感兴趣比如:CVE-2021-39144这个漏洞代表2021年爆发的,39144是漏洞身份编号。
2.CAPEC通过知识图谱对漏洞类型动作的定义
目前平台没有引入CAPEC知识图谱
3.CVSS漏洞利用价值评估
该漏洞CVSS v3 评分为: 8.5,下面是CVSS攻击向量参数。
攻击向量(AV):网络
攻击复杂性 (AC):高的
所需特权 (PR):低的
用户交互(用户界面):没有任何
范围(S):改变了
保密性(C):高的
完整性(一):高的
可用性 (A):高的
4.CPE配置漏洞对应软件版本
CPE打击范围
供应商:
debian
fedoraproject
netapp
oracle
xstream project
产品:
business activity monitoring 12.2.1.4.0
commerce guided search 11.3.2
communications billing and revenue management elastic charging engine 11.3,
communications billing and revenue management elastic charging engine 12.0,
communications cloud native core automated test suite 1.9.0
communications cloud native core binding support function 1.10.0
communications cloud native core policy 1.14.0
communications unified inventory management 7.3.4
communications unified inventory management 7.3.5
communications unified inventory management 7.4.0
communications unified inventory management 7.4.1
communications unified inventory management 7.4.2
debian linux 10.0
debian linux 11.0
debian linux 9.0
fedora 33
fedora 34
fedora 35
retail xstore point of service 16.0.6
retail xstore point of service 17.0.4
retail xstore point of service 18.0.3
retail xstore point of service 19.0.2
retail xstore point of service 20.0.1
snapmanager -
utilities framework 4.2.0.2.0
utilities framework 4.2.0.3.0
utilities framework 4.3.0.1.0
utilities framework 4.3.0.6.0
utilities framework 4.4.0.0.0
utilities framework 4.4.0.2.0
utilities framework 4.4.0.3.0
utilities testing accelerator 6.0.0.1.1
webcenter portal 12.2.1.3.0
webcenter portal 12.2.1.4.0
xstream
5.详细的漏洞细节和POC&EXP
POC模块
Metasploit 模块
exploit/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144 (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vmware_nsxmgr_xstream_rce_cve_2021_39144.rb)
漏洞细节链接:
CVE第三方平台链接:
CVE-2021-39144 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39144)
厂商公告链接:
https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh
https://security.netapp.com/advisory/ntap-20210923-0003/
[debian-lts-announce] 20210929 [SECURITY] [DLA 2769-1] libxstream-java security update (https://lists.debian.org/debian-lts-announce/2021/09/msg00017.html)
FEDORA-2021-fbad11014a (https://lists.fedoraproject.org/archives/list/package[email protected]/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/)
FEDORA-2021-d894ca87dc (https://lists.fedoraproject.org/archives/list/package[email protected]/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/)
FEDORA-2021-5e376c0ed9 (https://lists.fedoraproject.org/archives/list/package[email protected]/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/)
DSA-5004 (https://www.debian.org/security/2021/dsa-5004)
其他参考链接:
https://x-stream.github.io/CVE-2021-39144.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://packetstormsecurity.com/files/169859/VMware-NSX-Manager-XStream-Unauthenticated-Remote-Code-Execution.html
平台对CVE-2021-39144漏洞打的标签:
企业常见
易于武器化
给予特权访问
未经认证
默认配置
易受攻击
还有一些其他数据比如漏洞在野等等可以拿来做参考。
原文始发于微信公众号(我的安全梦):Greekn爱分析第四期(漏洞动态跟踪方法)
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论