Can you explain this vulnerability to me?

This vulnerability is a critical code injection flaw in Yonyou UFIDA NC version 6.5 and earlier. It arises because the BeanShell testing servlet (bsh.servlet.BshServlet) is exposed without proper access controls, allowing unauthenticated remote attackers to execute arbitrary Java code by sending malicious commands via the bsh.script parameter. This enables attackers to run system commands remotely and gain full control over the affected server. [1, 2]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to remote code execution with the highest system privileges without requiring any authentication or user interaction. An attacker can execute arbitrary system commands, potentially taking full control of the target server, compromising confidentiality, integrity, and availability of the system and its data. [1, 2]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability can be detected by checking for the presence and accessibility of the BeanShell testing servlet at the endpoint /servlet/~ic/bsh.servlet.BshServlet. Detection can be automated by sending POST requests to this endpoint with the parameter bsh.script containing commands to execute system commands, such as exec("whoami"); on Linux or exec("ipconfig"); on Windows. Indicators of successful detection include responses containing "uid=" on Linux or "Windows IP" on Windows. Tools like nuclei can be used with specific YAML templates to automate this detection. [2]

Useful 0 Not Useful 0