Skip to content

Latest commit

 

History

History
 
 

CVE-2020-5377_CVE-2021-21514

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 

CVE-2020-5377 and CVE-2021-21514: Dell OpenManage Server Administrator Arbitrary File Read

Information

Description: This vulnerability allow arbitrary file read with system level permissions on Dell OpenManage Server Administrator <9.5.
Versions Affected: <9.5
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2020-5377
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2021-21514
Dell disclosure Link: https://www.dell.com/support/kbdoc/en-us/000183670/dsa-2021-040-dell-emc-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities
Dell disclosure Link: https://www.dell.com/support/kbdoc/en-us/000176967/dsa-2020-172-dell-emc-openmanage-server-administrator-omsa-path-traversal-vulnerability

Proof-of-Concept Exploit

Description

This exploit uses a known authentication bypass to obtain a valid session cookie for the web management interface of OMSA. It then uses an arbitrary file read API endpoint to read files from the server.

Usage/Exploitation

CVE-2020-5377.py <yourIP> <targetIP>:<targetPort> This will give a prompt to read files from.

Screenshot

POC