CVE-2019-25714
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmlofficeservlet endpoint that allows remote attackers to write arbitrary files to the web application root by sending specially crafted POST requests with custom base64-encoded payloads. Attackers can write JSP webshells to the web root and execute them through the web server to achieve arbitrary OS command execution with web server privileges. Exploitation evidence was first observed by the Shadowserver Foundation on 2021-03-26 (UTC).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Seeyon Internet Software | A8-V5 Collaborative Management Software | 6.1sp1 | affected |
| Seeyon Internet Software | A8+ Collaborative Management Software | 7.0 | affected |
| Seeyon Internet Software | A8+ Collaborative Management Software | 7.0sp1 | affected |
| Seeyon Internet Software | A8+ Collaborative Management Software | 7.0sp2 | affected |
| Seeyon Internet Software | A8+ Collaborative Management Software | 7.0sp3 | affected |
| Seeyon Internet Software | A8+ Collaborative Management Software | 7.1 | affected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://sourceforge.net/software/product/A8/
- https://web.archive.org/web/20190821034711/http://wyb0.com/posts/2019/seeyon-htmlofficeservlet-getshell/
- https://wiki.96.mk/Web%E5%AE%89%E5%85%A8/%E8%87%B4%E8%BF%9Coa/%E8%87%B4%E8%BF%9C%20OA%20A8%20htmlofficeservlet%20getshell%20%E6%BC%8F%E6%B4%9E/
- https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/download/pdf/90916/Security_Notification_reseller_en-US.pdf
- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31713
- https://www.fortiguard.com/encyclopedia/ips/48874/seeyon-office-anywhere-htmlofficeservlet-arbitrary-file-upload
- https://www.vulncheck.com/advisories/seeyon-office-anywhere-oa-a8-unauthenticated-arbitrary-file-write-via-htmlofficeservlet
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.