{"uuid": "a31ae198-d199-46d0-87b2-62a3417d4ef4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21907", "type": "published-proof-of-concept", "source": "https://t.me/ShizoPrivacy/291", "content": "|CVE-2022-21907|\nHTTP Protocol Stack RCE Vulnerability\nCVSS 3.1 score: 9.8 \n\n\ud83d\udee1For educational purposes only!\nThis is a vulnerability that can infect other vulnerable devices on its own; this type is also called wormable, and it is related to the HTTP protocol stack (http.sys). An unauthenticated attacker can send a packet crafted for the attack to the targeted server. 
Also, I want to note that the attack can be carried out at the protocol level across one or more network hops. Just as importantly, a vulnerable system can be exploited without any intervention or interaction from the victim. 
The list of affected Windows versions is long; you can see it in the screenshot I attached above.\n\nHere are a few repositories with a PoC for this vulnerability:\n\ud83d\udcceclick1\n\ud83d\udcceclick2\nI also came across a DoS exploit based on this vulnerability. It is very simple to use: \n./cve-2022-21907.py -t 184.50.9.56 -p 80 -v 4    - I think you got the joke with the IP\n\n\ud83d\udee1For educational purposes only!\nThis is a vulnerability that can infect other vulnerable devices on its own; in other words, this type is also called wormable, and it is associated with the HTTP protocol stack (http.sys). An attacker who has not been authenticated can send a packet created for the attack to the attacked server. Also, I want to note that the attack can be carried out at the protocol level through one or more network transitions. 
What is also important, a vulnerable system can be exploited without the intervention and interaction of the victim himself. The list of affected versions of Windows is large; you can look at the screenshot attached above.\n\nHere are a few repositories with the PoC of this vulnerability:\n\ud83d\udcce click1\n\ud83d\udcce click2\nI came across another DoS exploit based on this vulnerability. It is very simple to use:\n./cve-2022-21907.py -t 184.50.9.56 -p 80 -v 4 - I think that the joke with the IP is understood\n\n#shizo #rce #cve #poc", "creation_timestamp": "2022-04-14T03:18:24.000000Z"}