CVE-2018-15812 - Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, dnnsoftware, CWE-331, exploit available, metasploit

Summary

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

Vulnerable Configurations

Part | Description | Count
Application | Dnnsoftware | 5

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Session Credential Falsification through Prediction
    This attack targets a predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction and use it for spoofing and session hijacking.

Exploit-Db

id: EDB-ID:48336
last seen: 2020-04-16
modified: 2020-04-16
published: 2020-04-16
reporter: Exploit-DB
source: https://www.exploit-db.com/download/48336
title: DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)

Metasploit

description: This module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it attempts to load the current user's profile data. This occurs when DNN is configured to handle 404 errors with its built-in error page (default configuration). An attacker can leverage this vulnerability to execute arbitrary code on the system.
id: MSF:EXPLOIT/WINDOWS/HTTP/DNN_COOKIE_DESERIALIZATION_RCE
last seen: 2020-06-12
modified: 2020-04-15
published: 2019-07-15
references
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb
title: DotNetNuke Cookie Deserialization Remote Code Excecution

Packetstorm

data source: https://packetstormsecurity.com/files/download/157080/dnn_cookie_deserialization_rce.rb.txt
id: PACKETSTORM:157080
last seen: 2020-04-03
published: 2020-04-03
reporter: Jon Park
source: https://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
title: DotNetNuke Cookie Deserialization Remote Code Execution