
List:       full-disclosure
Subject:    [FD] LKX-2023-001 VinChin VMWare Backup
From:       Gregory Boddin via Fulldisclosure <fulldisclosure () seclists ! org>
Date:       2023-10-25 23:23:46
Message-ID: 6-wsTJE2sBf_W2BCfbRz7qJHjwP2HW549rLCLKCwy6KlklNlql48Dspo-u69XLHbaiYK3MQBwdrmM6JpdXmWWWVWf_bJYy_Gq-jlfSxjGpg= () leakix ! net

VinChin Backup & Recovery is an all-in-one backup solution for virtual infrastructures supporting VMWare, KVM, Xen Server, Hyper-V, OpenStack and more. The product also supports AWS, Azure and other cloud providers as backup storage.

VinChin has failed to acknowledge our various requests over a one-month period; we are thus disclosing the following vulnerabilities:

CVE-2023-45499 - VinChin VMWare Backup 5.0 to 7.0
During our research we discovered an HTTP API exposed by VinChin Backup. This API can be accessed using hard-coded credentials.

CVE-2023-45498 - VinChin VMWare Backup 5.0 to 7.0
While exploring the various functionalities exposed by the API a particular endpoint was found vulnerable to improper input sanitization. A specially crafted payload results in remote code execution allowing the attacker to execute code with the permissions of the web server.


Timeline:
2023-09-22: LeakIX makes initial contact
2023-09-25: VinChin requests details
2023-09-25: LeakIX requests safe harbour
2023-09-26: No reply, LeakIX requests update
2023-09-27: No reply, LeakIX sends PoC
2023-09-29: No reply, LeakIX requests feedback
2023-10-05: No reply, LeakIX requests feedback
2023-10-10: No reply, LeakIX requests feedback from alternative email
2023-10-11: No reply, LeakIX requests feedback from another alternative email
2023-10-16: No reply, CVE reserved and vendor notified
2023-10-18: No reply, LeakIX sent 7-day disclosure warning
2023-10-24: LeakIX sends early warning to providers hosting VinChin on their network.
2023-10-26: No reply, Publishing this advisory

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
