Vulnerabilities > CVE-2018-18326 - Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
Exploit-Db
id | EDB-ID:48336 |
last seen | 2020-04-16 |
modified | 2020-04-16 |
published | 2020-04-16 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/48336 |
title | DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit) |
Metasploit
description | This module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to create on deserialization. The cookie is processed by the application whenever it attempts to load the current user's profile data. This occurs when DNN is configured to handle 404 errors with its built-in error page (default configuration). An attacker can leverage this vulnerability to execute arbitrary code on the system. |
id | MSF:EXPLOIT/WINDOWS/HTTP/DNN_COOKIE_DESERIALIZATION_RCE |
last seen | 2020-06-12 |
modified | 2020-04-15 |
published | 2019-07-15 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/dnn_cookie_deserialization_rce.rb |
title | DotNetNuke Cookie Deserialization Remote Code Excecution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/157080/dnn_cookie_deserialization_rce.rb.txt |
id | PACKETSTORM:157080 |
last seen | 2020-04-03 |
published | 2020-04-03 |
reporter | Jon Park |
source | https://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html |
title | DotNetNuke Cookie Deserialization Remote Code Execution |
References
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html
- https://github.com/dnnsoftware/Dnn.Platform/releases
- https://github.com/dnnsoftware/Dnn.Platform/releases
- https://www.dnnsoftware.com/community/security/security-center
- https://www.dnnsoftware.com/community/security/security-center