SoftGuard SNMP Network Management Extension File Download (CVE-2022-31202)



Application Details

SoftGuard is a network management extension which collects inventory, analysis, and debugging data of devices and networks.


Vulnerability

SoftGuard Web could allow a remote authenticated attacker to obtain sensitive information, caused by insufficient validation of user-supplied input by the export function and built-in man functionality in the SNMP Network Management Extension component.


Identification

By sending a specially crafted request the attacker is able to define the complete path and the filename allowing them to read any arbitrary local file.


POST /cgi-bin/man.tcl
PAYLOAD - act=1&x=/etc/passwd&submit=Execute


Detection

By turning this into a traffic file and matching rule, we are able to detect attempts to download arbitrary files onto the system, to launch attacks.


Coverage

Idappcom has created signature 8022802 along with a traffic file.


References

SECLISTS.ORG

SoftGuard SNMP Network Management Extension File Download - Packet Storm Security


Traffic IQ

If you are concerned that your business may be at risk of this vulnerability, or others, why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional