CVE-2023-47316 – Headwind MDM Web panel 5.22.1 – Missing Permission Control - Boltonshield

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.


Published CVE numbers:

  • https://www.cve.org/CVERecord?id=CVE-2023-47316

  • https://nvd.nist.gov/vuln/detail/CVE-2023-47316

Exploitation steps

Authentication: Required (low-level user access is enough)

  • Log in to the web panel as the low-level user

  • By modifying the user cookie so that its superadmin property is set to True, the low-level user makes the user interface show sensitive functions such as user management, file upload, and audit-related functions. These functions are not supposed to be accessible to low-level users. Note that, for the most part, only API calls using the GET method can be called this way with the permissions of a low-level user. The only exception is the file add function (/rest/private/web-ui-files POST).

[Screenshot: Available functions before modifying the user cookie]

[Screenshot: Available functions after changing the user cookie]

  • Set up an intercepting proxy such as Burp to capture outgoing HTTP requests and modify them (if needed)

  • By uploading files, attackers may be able to exploit other vulnerabilities; by accessing the audit function, attackers may learn sensitive information, including login credentials; by retrieving the users’ list, attackers may be able to get the authToken of other users and the password reset token (if the password reset feature is enabled)

  • Important note: This vulnerability may aid attackers in exploiting other issues, such as CVE-2023-47315, by allowing them to learn the authToken of other users.
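The root cause described above is that the API relies on the client-side view of the user instead of enforcing the role on the server. The following added example (not Headwind MDM code, and not from the advisory's author) models that check in Python next to a hardened version and a tamper-detection signal. It assumes the user cookie is URL-encoded JSON; the session store, the two "example-" paths and all function names are hypothetical.

```python
import json
from urllib.parse import unquote

# Constructed server-side session store: what the server recorded at login.
SESSIONS = {
    "sess-admin": {"login": "admin", "superadmin": True},
    "sess-low": {"login": "operator", "superadmin": False},
}

# Admin-only routes. The first entry is the endpoint named in the advisory;
# the other two paths are hypothetical placeholders.
ADMIN_ONLY = {
    ("POST", "/rest/private/web-ui-files"),
    ("GET", "/rest/private/example-users"),
    ("GET", "/rest/private/example-audit"),
}

# Constructed sample: a 'user' cookie edited so that superadmin is true.
TAMPERED_COOKIES = {
    "user": "%7B%22login%22%3A%22operator%22%2C%22superadmin%22%3Atrue%7D"
}


def cookie_claims_superadmin(cookies):
    """Parse the client-controlled 'user' cookie (assumed URL-encoded JSON)."""
    try:
        claimed = json.loads(unquote(cookies.get("user", "{}")))
    except ValueError:
        return False
    return isinstance(claimed, dict) and claimed.get("superadmin") is True


def authorize_session_only(method, path, session_id, cookies):
    """Weak model: any authenticated session may call any private route."""
    return session_id in SESSIONS


def authorize_by_server_role(method, path, session_id, cookies):
    """Hardened: the role comes from the server-side session; cookie ignored."""
    session = SESSIONS.get(session_id)
    if session is None:
        return False
    if (method.upper(), path) in ADMIN_ONLY:
        return session["superadmin"]
    return True


def tamper_signal(session_id, cookies):
    """Detection aid: cookie claims superadmin, server-side session does not."""
    session = SESSIONS.get(session_id)
    return bool(session) and cookie_claims_superadmin(cookies) and not session["superadmin"]
```

Logging every request for which tamper_signal returns True gives defenders a cheap indicator that a low-level account is probing admin functions, even after the server-side check is in place.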

Related news

CVE-2023-47315 – Headwind MDM Web panel 5.22.1 – Hardcoded JWT Secret - Boltonshield

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret.

CVE-2023-47314 – Headwind MDM Web panel 5.22.1 – XSS via Uncontrolled File Upload - Boltonshield

Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload.

CVE-2023-47312 – Headwind MDM Web panel 5.22.1 – Login Credential Leakage via Audit Entries - Boltonshield

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries.
