Vulnerability-Lookup

CNVD-2022-21217

Vulnerability from cnvd - Published: 2022-03-21

Title

Rapid7 Nexpose存在未明漏洞（CNVD-2022-21217)

Description

Rapid7 Nexpose是美国Rapid7公司的一套能够利用扫描结果深度探测网络的漏洞管理软件。该软件支持扫描配置环境的错误、漏洞、恶意软件等。 Rapid7 Nexpose 6.6.93版本及之前版本存在安全漏洞，该漏洞源于Rapid7 Nexpose 6.6.93版本及之前版本易受SQL注入。攻击者可利用该漏洞操纵SearchCriteria中的“ANY”和“OR”运算符，并注入SQL代码。

Severity

中

Patch Name

Rapid7 Nexpose存在未明漏洞（CNVD-2022-21217)的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://docs.rapid7.com/release-notes/nexpose/20220302/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-0757

Impacted products

Name
Rapid7 Nexpose <=6.6.93

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-0757"
    }
  },
  "description": "Rapid7 Nexpose\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u5957\u80fd\u591f\u5229\u7528\u626b\u63cf\u7ed3\u679c\u6df1\u5ea6\u63a2\u6d4b\u7f51\u7edc\u7684\u6f0f\u6d1e\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u626b\u63cf\u914d\u7f6e\u73af\u5883\u7684\u9519\u8bef\u3001\u6f0f\u6d1e\u3001\u6076\u610f\u8f6f\u4ef6\u7b49\u3002\n\nRapid7 Nexpose 6.6.93\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRapid7 Nexpose 6.6.93\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u6613\u53d7SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u7eb5SearchCriteria\u4e2d\u7684\u201cANY\u201d\u548c\u201cOR\u201d\u8fd0\u7b97\u7b26\uff0c\u5e76\u6ce8\u5165SQL\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://docs.rapid7.com/release-notes/nexpose/20220302/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-21217",
  "openTime": "2022-03-21",
  "patchDescription": "Rapid7 Nexpose\u662f\u7f8e\u56fdRapid7\u516c\u53f8\u7684\u4e00\u5957\u80fd\u591f\u5229\u7528\u626b\u63cf\u7ed3\u679c\u6df1\u5ea6\u63a2\u6d4b\u7f51\u7edc\u7684\u6f0f\u6d1e\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u652f\u6301\u626b\u63cf\u914d\u7f6e\u73af\u5883\u7684\u9519\u8bef\u3001\u6f0f\u6d1e\u3001\u6076\u610f\u8f6f\u4ef6\u7b49\u3002\r\n\r\nRapid7 Nexpose 6.6.93\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eRapid7 Nexpose 6.6.93\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u6613\u53d7SQL\u6ce8\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u64cd\u7eb5SearchCriteria\u4e2d\u7684\u201cANY\u201d\u548c\u201cOR\u201d\u8fd0\u7b97\u7b26\uff0c\u5e76\u6ce8\u5165SQL\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Rapid7 Nexpose\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-21217)\u7684\u8865\u4e01",
  "products": {
    "product": "Rapid7 Nexpose \u003c=6.6.93"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-0757",
  "serverity": "\u4e2d",
  "submitTime": "2022-03-18",
  "title": "Rapid7 Nexpose\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2022-21217)"
}

CVE-2022-0757 (GCVE-0-2022-0757)

Vulnerability from cvelistv5 – Published: 2022-03-17 22:30 – Updated: 2024-09-16 17:48

Title

Rapid7 Nexpose SQL Injection

Summary

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-89 - SQL Injection

Assigner

rapid7

References

URL

Tags

https://docs.rapid7.com/release-notes/nexpose/20220302/

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Rapid7	Nexpose	Affected: 6.6.93 , < 6.6.93 (custom)

Credits

Aleksey Solovev

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:40:03.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nexpose",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "6.6.93",
              "status": "affected",
              "version": "6.6.93",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Aleksey Solovev"
        }
      ],
      "datePublic": "2022-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-04T14:35:09",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rapid7 Nexpose SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2022-03-02T00:00:00.000Z",
          "ID": "CVE-2022-0757",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Nexpose SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Nexpose",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c",
                            "version_name": "6.6.93",
                            "version_value": "6.6.93"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "Aleksey Solovev"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://docs.rapid7.com/release-notes/nexpose/20220302/",
              "refsource": "CONFIRM",
              "url": "https://docs.rapid7.com/release-notes/nexpose/20220302/"
            }
          ]
        },
        "solution": [],
        "source": {
          "advisory": "",
          "defect": [],
          "discovery": "UNKNOWN"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2022-0757",
    "datePublished": "2022-03-17T22:30:18.220701Z",
    "dateReserved": "2022-02-24T00:00:00",
    "dateUpdated": "2024-09-16T17:48:14.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-21217

CVE-2022-0757 (GCVE-0-2022-0757)

Tags

Sightings

Nomenclature