CVE Hat-trick!

What does it actually mean when we talk about CVE, short for Common Vulnerabilities and Exposures?

Let’s break it down:

  • Common: These are not exceptional problems; they can occur anywhere, whether in widely used software or in a broader system.
  • Vulnerabilities: Think of these as weaknesses, such as doors that can’t be properly locked.
  • Exposures: This covers how those weaknesses can be exploited by outsiders, like a thief who finds out that your back door is an easy target.

To simplify it, imagine a popular type of lock that is used in many houses, and suddenly it is discovered that it can be opened with a simple paperclip. In this case, a CVE would be a warning to all users of that lock, letting them know about the flaw and giving instructions on how to fix it or replace the lock. This is where our ethical hacker Andrej comes in, who, after identifying and reporting the vulnerabilities, obtained 3 CVE ID numbers that specifically name his finds. The skill and expertise needed to find and identify CVEs underline our motto: hackers on your side!

Let’s take a closer look at the specific finds:

CVE-2022-37830: Stored XSS in WebJET CMS

CVE-2022-37830, a high severity (9.0 CVSS score) Stored Cross-Site Scripting (XSS) vulnerability in the WebJET CMS, was Andrej’s first discovery. The vulnerability was located in the “data[65][title]” and “data[65][thumbLink]” parameters of the CMS, which allowed users with lower privileges to store malicious JavaScript that then executed in the browsers of other users, including the administrator.

Solution: Implement robust input sanitization filters for all inputs and outputs, use a single validation layer, and encode potentially malicious characters as HTML entities (or hex-encode them in JavaScript contexts). Whitelisting with regular expressions is also recommended.
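As an added illustration of the countermeasures listed above (example code written for this article, not WebJET's own code), the following Python snippet applies the three techniques to the two parameters named in the advisory: allowlist validation with regular expressions on the way in, HTML-entity encoding when a value is placed into HTML, and hex encoding when a value is placed inside a JavaScript string. Only the parameter names come from the advisory; the regexes, the rendering function and the sample inputs are assumptions made for the example.

```python
import html
import re
from urllib.parse import urlparse

# Allowlists (assumed for this example): a title is short plain text, a
# thumbnail link is either a site-relative path or an absolute http(s) URL.
# The (?!/) lookahead also rejects protocol-relative links such as //host/x.
TITLE_RE = re.compile(r"^[A-Za-z0-9 .,_-]{1,120}$")
RELATIVE_PATH_RE = re.compile(r"^/(?!/)[A-Za-z0-9_./-]*$")


def is_valid_title(value: str) -> bool:
    """Allowlist check: anything outside the permitted characters is rejected."""
    return bool(TITLE_RE.match(value))


def is_valid_thumb_link(value: str) -> bool:
    """Allowlist check for a link: site-relative path or absolute http(s) URL.
    Schemes such as javascript: or data: never match either branch."""
    if RELATIVE_PATH_RE.match(value):
        return True
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def encode_html(value: str) -> str:
    """Output encoding for an HTML context: & < > \" ' become entities."""
    return html.escape(value, quote=True)


def encode_js(value: str) -> str:
    """Output encoding for a JavaScript string context: every character that is
    not an ASCII letter or digit is emitted as \\xNN (or \\uNNNN above 0xFF),
    so a value can never close the string or the <script> block it sits in."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif code <= 0xFF:
            out.append("\\x{:02x}".format(code))
        else:
            out.append("\\u{:04x}".format(code))
    return "".join(out)


def render_item(data: dict) -> str:
    """Render one item (assumed structure: data['title'], data['thumbLink'])
    with validation on input and context-specific encoding on output.
    Raises ValueError when the allowlist rejects a value."""
    title = data["title"]
    thumb = data["thumbLink"]
    if not is_valid_title(title):
        raise ValueError("title rejected by allowlist")
    if not is_valid_thumb_link(thumb):
        raise ValueError("thumbLink rejected by allowlist")
    return (
        '<img src="{src}" alt="{alt}">'
        '<script>var title = "{js}";</script>'
    ).format(src=encode_html(thumb), alt=encode_html(title), js=encode_js(title))


if __name__ == "__main__":
    # Constructed sample inputs: one benign item and one carrying a payload.
    print(render_item({"title": "Summer sale", "thumbLink": "/images/t.png"}))
    for bad in ({"title": "<script>alert(1)</script>", "thumbLink": "/x.png"},
                {"title": "Sale", "thumbLink": "javascript:alert(1)"}):
        try:
            render_item(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The validation layer is kept separate from the encoders on purpose: the allowlist rejects input that has no business in a title or link, while the encoders guarantee that whatever does get stored cannot change meaning when it is later rendered in a given context.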

CVE-2022-38484: Path Traversal vulnerability in AgeVolt portal

The second discovery, CVE-2022-38484, a critical (9.1 CVSS score) vulnerability in the AgeVolt Portal, allowed attackers to upload files anywhere on the system. This posed a serious risk of unauthorized access and potential remote code execution (RCE), which gives an attacker control of the vulnerable server; from there, the attacker could break into the company or attack any system on the Internet.

Solution: Countermeasures include strict validation and sanitization of inputs, maintaining a list of allowed file types and file extensions, applying strict file type controls, and keeping uploaded files in a separate, secure, restricted directory.

CVE-2022-38485: Disclosure of information in the AgeVolt portal

Finally, CVE-2022-38485, with a severity score of 6.8, was an information disclosure vulnerability caused by directory traversal in the AgeVolt portal, which allowed attackers to read files from anywhere on the system.

Solution: Mitigation strategies are similar to those for CVE-2022-38484 and emphasize input validation, sanitization, the use of whitelists, and securely storing uploaded files in dedicated directories.
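The mitigations for CVE-2022-38484 (writing files) and CVE-2022-38485 (reading files) overlap, so one added Python example covers both. It is example code written for this article, not AgeVolt's code: the upload side accepts only an allowlisted extension and a plain file name, chooses the stored name itself, and writes only inside a dedicated upload directory; the download side resolves the requested name and refuses anything that escapes that directory. The directory layout, the extension list, the name pattern and the sample data are all assumptions.

```python
import os
import re
import secrets
from pathlib import Path

# Assumed policy for this example: a short list of permitted extensions and a
# file name made of plain characters only (no separators, no leading dot).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".pdf"}
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


class PathRejected(ValueError):
    """Raised when a name or path fails validation."""


def is_contained(root: Path, candidate: str) -> bool:
    """True only if root/candidate, after resolving '..' and symlinks, is still
    inside root. An absolute candidate replaces root when joined with '/',
    so it is caught here as well."""
    root = root.resolve()
    target = (root / candidate).resolve()
    return target == root or root in target.parents


def resolve_inside(root: Path, candidate: str) -> Path:
    """Containment check that raises instead of returning a boolean."""
    if not is_contained(root, candidate):
        raise PathRejected(f"{candidate!r} escapes the upload directory")
    return (root.resolve() / candidate).resolve()


def validate_client_filename(client_name: str) -> str:
    """Return the lower-cased extension if the client-supplied name passes the
    allowlist; reject separators, traversal sequences and unexpected types."""
    if not SAFE_NAME_RE.match(client_name) or ".." in client_name:
        raise PathRejected("file name contains characters outside the allowlist")
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise PathRejected(f"extension {ext!r} is not permitted")
    return ext


def store_upload(upload_root: Path, client_name: str, data: bytes) -> Path:
    """Write data under a server-generated name inside upload_root. The client
    name influences only the extension, never the on-disk path, so a name like
    shell.php.png is stored as <random>.png and the original never reaches disk."""
    ext = validate_client_filename(client_name)
    stored_name = secrets.token_hex(16) + ext
    target = resolve_inside(upload_root, stored_name)
    target.write_bytes(data)
    return target


def read_download(upload_root: Path, requested_name: str) -> bytes:
    """Serve a stored file only if the requested name resolves inside
    upload_root and is a regular file; ../../etc/passwd style names fail
    the containment check before anything is opened."""
    target = resolve_inside(upload_root, requested_name)
    if not target.is_file():
        raise PathRejected("no such stored file")
    return target.read_bytes()


if __name__ == "__main__":
    import tempfile

    root = Path(tempfile.mkdtemp())  # stands in for the dedicated upload directory
    stored = store_upload(root, "photo.PNG", b"constructed sample bytes")
    print("stored as", stored.name)
    print(read_download(root, stored.name))
    for bad in ("../../etc/passwd", "shell.php", "shell.png.php", "/etc/passwd"):
        try:
            store_upload(root, bad, b"x")
        except PathRejected as exc:
            print("rejected:", exc)
```

Both directions go through the same containment check, which is the point of keeping uploads in a dedicated directory: the check only has meaning when there is one well-defined root that every file operation must stay beneath.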

At Citadelo, we have a large team of experienced ethical hackers just like Andrej, who scored his recent CVE hat-trick. We are proud to say that finding and helping with CVEs is not uncommon for us: we have identified more than 20 of them during our practice.

So, if you want to put your cybersecurity to a proper test by our expert team of ethical hackers, get in touch with us today! We are Citadelo, hackers on your side.

About the author

Citadelo
Citadelo is a firm of ethical hackers on your side. We think like hackers, but we don't abuse it. On the contrary, our main goal is to reveal vulnerabilities without causing damage. We have been conducting simulated attacks for our clients since 2006.