Facade Ignition < 1.16.14 / 2.x < 2.4.2 / 2.5.x < 2.5.2 RCE

critical Nessus Plugin ID 194503

Synopsis

A PHP library installed on the remote host is affected by a remote code execution vulnerability.

Description

The version of Facade Ignition installed of the remote host is prior to 1.16.14, or 2.x prior to 2.4.2, or 2.5.x prior to 2.5.2. It is, therefore, affected by a remote code execution vulnerability. Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Also note that this plugin does not distinguish between PHP packages installed via the OS package manager, PHP packages installed via Composer, or other sources. As a result, packages provided by your OS package repository may have backported fixes that this plugin may incorrectly report as vulnerable. Please refer to the OS-specific plugins for CVE-2021-3129 to check for backported fixes.

Solution

Upgrade to Facade Ignition version 1.16.14, 2.4.2, 2.5.2 or later.

See Also

https://github.com/facade/ignition

Plugin Details

Severity: Critical

ID: 194503

File Name: facade_ignition_CVE-2021-3129.nasl

Version: 1.2

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 4/29/2024

Updated: 4/30/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3129

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:facade:ignition

Required KB Items: language_library/package/composer/enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/16/2020

Vulnerability Publication Date: 11/16/2020

CISA Known Exploited Vulnerability Due Dates: 10/9/2023

Exploitable With

Metasploit (Unauthenticated remote code execution in Ignition)

Reference Information

CVE: CVE-2021-3129