Vulnerabilities in the web interface of Juniper network devices shipped with JunOS

Several vulnerabilities have been identified in the J-Web web interface used in Juniper network devices running the JunOS operating system. The most dangerous of them (CVE-2022-22241) allows remote execution of arbitrary code on the system without authentication by sending a specially crafted HTTP request. Users of Juniper devices are advised to install firmware updates and, if that is not possible, to make sure that access to the web interface is blocked from external networks and restricted to trusted hosts only.

The essence of the vulnerability is that a user-supplied file path is processed in the /jsdm/ajax/logging_browse.php script without filtering the prefix and the content type at a stage preceding the authentication check. An attacker can transfer a malicious file under the guise of an image and then achieve execution of the PHP code contained in the archive using the "Phar deserialization" attack method (for example, by specifying "filepath=phar:/path/pharfile.jpg" in the request).

The problem is that when an uploaded file is checked with the PHP function is_dir(), this function automatically deserializes the metadata of a Phar archive when processing paths starting with "phar://". The same effect is observed when user-supplied paths are processed by the file_get_contents(), fopen(), file(), file_exists(), md5_file(), filemtime() and filesize() functions.

The attack is complicated by the fact that, in addition to triggering execution of the phar archive, the attacker must find a way to get it onto the device (by accessing /jsdm/ajax/logging_browse.php, one can only specify the path to a file that already exists). Possible scenarios for getting files onto the device include uploading a Phar file disguised as an image through an image-transfer service and replacing a file in the web content cache.

Other vulnerabilities:

  • CVE-2022-22242 - substitution of unsanitized external parameters into the output of the error.php script, which allows cross-site scripting and execution of arbitrary JavaScript code in the user's browser when a link is followed (for example, "https://JUNOS_IP/error.php?SERVER_NAME= alert(0)"). The vulnerability can be used to intercept administrator session parameters if attackers manage to get the administrator to open a specially crafted link.
  • CVE-2022-22243, CVE-2022-22244 - XPATH expression substitution via the jsdm/ajax/wizards/setup/setup.php and /modules/monitor/interfaces/interface.php scripts allows an unprivileged authenticated user to manipulate administrator sessions.
  • CVE-2022-22245 - lack of proper sanitization of the ".." sequence in paths processed by the Upload.php script allows an authenticated user to upload their own PHP file into a directory that permits execution of PHP scripts (for example, by passing the path "fileName=\..\..\..\..\www\dir\new\shell.php").
  • CVE-2022-22246 - possibility of executing an arbitrary local PHP file through manipulation of the jrest.php script by an authenticated user; in this script external parameters are used to form the name of the file loaded by the "require_once()" function (for example, "/jrest.php?payload=alol/lol/any\..\..\..\..\any\file").
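Added example (not from the advisory, and not Juniper's or J-Web's own code): a small Python scanner that flags requests to the J-Web scripts named above in web-server access logs. The log lines, source addresses and timestamps are constructed for the demonstration, and the patterns are intentionally broad (any stream-wrapper prefix, any ".." segment, any inline script) so that the page's specific request examples are only one of the inputs they catch.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Broad patterns for the three bug classes in the advisory; not exact payload signatures.
WRAPPER_RE = re.compile(r"^[a-z][a-z0-9+.-]*:/", re.IGNORECASE)  # phar:/..., phar://..., etc.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")              # a "..\" or "../" segment
SCRIPT_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)

RULES = [  # (J-Web script path suffix, query parameter, pattern, label) taken from the advisory
    ("/jsdm/ajax/logging_browse.php", "filepath", WRAPPER_RE, "CVE-2022-22241 stream wrapper in filepath"),
    ("/error.php", "SERVER_NAME", SCRIPT_RE, "CVE-2022-22242 script in SERVER_NAME"),
    ("/Upload.php", "fileName", TRAVERSAL_RE, "CVE-2022-22245 traversal in fileName"),
    ("/jrest.php", "payload", TRAVERSAL_RE, "CVE-2022-22246 traversal in payload"),
]
LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')  # request target in a combined-format line

def check_request(target):
    """Return the labels of every rule matched by one request target (path plus query)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    hits = []
    for script, param, pattern, label in RULES:
        if not parts.path.lower().endswith(script.lower()):
            continue
        # unquote() decodes a second time, so double-encoded values are inspected as well
        if any(pattern.search(unquote(v)) for v in params.get(param, [])):
            hits.append(label)
    return hits

def scan_log(lines):
    """Return (request target, label) pairs for every flagged request in access-log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            findings.extend((m.group(1), label) for label in check_request(m.group(1)))
    return findings

# Constructed sample log lines, not real traffic; the first two requests are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2022:10:00:01 +0000] "GET /jsdm/ajax/logging_browse.php?filepath=/var/log/messages HTTP/1.1" 200 512',
    '10.0.0.5 - - [12/Oct/2022:10:00:02 +0000] "GET /error.php?SERVER_NAME=router1 HTTP/1.1" 200 128',
    '198.51.100.7 - - [12/Oct/2022:10:01:00 +0000] "GET /jsdm/ajax/logging_browse.php?filepath=phar:/tmp/pharfile.jpg HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Oct/2022:10:01:05 +0000] "GET /error.php?SERVER_NAME=%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 128',
    '198.51.100.7 - - [12/Oct/2022:10:01:09 +0000] "POST /Upload.php?fileName=%5C..%5C..%5C..%5C..%5Cwww%5Cdir%5Cnew%5Cshell.php HTTP/1.1" 200 64',
    '198.51.100.7 - - [12/Oct/2022:10:01:12 +0000] "GET /jrest.php?payload=alol/lol/any%5C..%5C..%5C..%5C..%5Cany%5Cfile HTTP/1.1" 500 0',
]
```

Running `scan_log(SAMPLE_LOG)` flags the last four requests, one per rule, and leaves the two benign ones alone; the scanner only reads logs and is meant to confirm that the interface was not reachable from untrusted networks before the firmware update.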

Source: opennet.ru
