CVE-2020-36911

Covenant 0.5 - Remote Code Execution (RCE)

CVSS 9.3 CRITICALEPSS 10.4%CWE-798

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Cobbr · Covenant

PoCs públicas encontradas — 3

cve_referencegithub.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rbno verificado cve_referenceweb.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-huntersno verificado cve_referencewww.exploit-db.com/exploits/51141no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://cobbr.io/Covenant.html https://github.com/cobbr/Covenant https://github.com/Zeop-CyberSec/covenant_rce/blob/master/covenant_jwt_rce.rb https://web.archive.org/web/20201013165001/https://twitter.com/cobbr_io/status/1316058367161401344 https://web.archive.org/web/20201101052547/https://blog.null.farm/hunting-the-hunters https://www.exploit-db.com/exploits/51141 https://www.vulncheck.com/advisories/covenant-remote-code-execution-rce