forked from intrigueio/intrigue-core
Merge pull request intrigueio#369 from intrigueio/kaseya-multiple-cve…
…-try2 Kaseya multiple CVE try2
Showing
6 changed files
with
332 additions
and
0 deletions.
@@ -0,0 +1,58 @@ | ||
|
||
module Intrigue | ||
|
||
module Issue | ||
class KaseyaCve202130116 < BaseIssue | ||
def self.generate(instance_details={}) | ||
{ | ||
added: "2021-07-09", | ||
name: "kaseya_cve_2021_30116", | ||
pretty_name: "Kaseya Credential Disclosure (CVE-2021-30116)", | ||
identifiers: [ | ||
{ type: "CVE", name: "CVE-2021-30116" } | ||
], | ||
severity: 1, | ||
category: "vulnerability", | ||
status: "potential", | ||
description: "Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.", | ||
affected_software: [ | ||
{ :vendor => "Kaseya", :product => "Virtual System Administrator" } | ||
], | ||
references: [ | ||
{ type: "description", uri: "https://nvd.nist.gov/vuln/detail/CVE-2021-30116" }, | ||
{ type: "description", uri: "https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021" } | ||
], | ||
authors: ["shpendk"] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130116 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ["Uri"] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
|
||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, "9.5.7" , "<") | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
|
||
end | ||
end | ||
|
||
end |
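Review bot: `check` in this file decides purely on the fingerprinted version string and returns `false` silently when no version is found, so a VSA host whose version is not exposed produces no finding and leaves no trace of why. I would say so above the method, e.g. `# version-only check: a host with no fingerprinted version is skipped, not cleared`, and end the method with an explicit `false` so the non-vulnerable path does not fall through to `nil` while the missing-version path returns `false`. The same method body is repeated in the other five files of this commit (only the threshold version differs), so the same comment applies there.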
@@ -0,0 +1,58 @@ | ||
|
||
module Intrigue | ||
|
||
module Issue | ||
class KaseyaCve202130117 < BaseIssue | ||
def self.generate(instance_details={}) | ||
{ | ||
added: "2021-07-09", | ||
name: "kaseya_cve_2021_30117", | ||
pretty_name: "Kaseya Credential Disclosure (CVE-2021-30117)", | ||
identifiers: [ | ||
{ type: "CVE", name: "CVE-2021-30117" } | ||
], | ||
severity: 1, | ||
category: "vulnerability", | ||
status: "potential", | ||
description: "SQL injection exists in Kaseya VSA before 9.5.6.", | ||
affected_software: [ | ||
{ :vendor => "Kaseya", :product => "Virtual System Administrator" } | ||
], | ||
references: [ | ||
{ type: "description", uri: "https://nvd.nist.gov/vuln/detail/CVE-2021-30117" }, | ||
{ type: "description", uri: "https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021" } | ||
], | ||
authors: ["shpendk"] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130117 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ["Uri"] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
|
||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, "9.5.6" , "<") | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
|
||
end | ||
end | ||
|
||
end |
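Review bot: `pretty_name` in this file still reads "Kaseya Credential Disclosure (CVE-2021-30117)", which looks carried over from the CVE-2021-30116 file, while the `description` in the same hash says the issue is SQL injection. Anyone triaging from the issue title would be misled about the vulnerability class. Change it to `pretty_name: "Kaseya VSA SQL Injection (CVE-2021-30117)"`, which also matches the "Kaseya VSA …" naming used in the 30118–30121 files.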
@@ -0,0 +1,54 @@ | ||
module Intrigue | ||
module Issue | ||
class KaseyaCve202130118 < BaseIssue | ||
def self.generate(instance_details = {}) | ||
{ | ||
added: '2021-07-09', | ||
name: 'kaseya_cve_2021_30118', | ||
pretty_name: 'Kaseya VSA RCE (CVE-2021-30118)', | ||
identifiers: [ | ||
{ type: 'CVE', name: 'CVE-2021-30118' } | ||
], | ||
severity: 1, | ||
category: 'vulnerability', | ||
status: 'potential', | ||
description: 'Kaseya VSA before 9.5.5 allows remote code execution.', | ||
affected_software: [ | ||
{ vendor: 'Kaseya', product: 'Virtual System Administrator' } | ||
], | ||
references: [ | ||
{ type: 'description', uri: 'https://nvd.nist.gov/vuln/detail/CVE-2021-30118' }, | ||
{ type: 'description', | ||
uri: 'https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021' } | ||
], | ||
authors: ['adambakalar'] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130118 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ['Uri'] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, '9.5.5', '<') | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
end | ||
end | ||
end |
@@ -0,0 +1,54 @@ | ||
module Intrigue | ||
module Issue | ||
class KaseyaCve202130119 < BaseIssue | ||
def self.generate(instance_details = {}) | ||
{ | ||
added: '2021-07-09', | ||
name: 'kaseya_cve_2021_30119', | ||
pretty_name: 'Kaseya VSA XSS (CVE-2021-30119)', | ||
identifiers: [ | ||
{ type: 'CVE', name: 'CVE-2021-30119' } | ||
], | ||
severity: 3, | ||
category: 'vulnerability', | ||
status: 'potential', | ||
description: 'Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.', | ||
affected_software: [ | ||
{ vendor: 'Kaseya', product: 'Virtual System Administrator' } | ||
], | ||
references: [ | ||
{ type: 'description', uri: 'https://nvd.nist.gov/vuln/detail/CVE-2021-30119' }, | ||
{ type: 'description', | ||
uri: 'https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021' } | ||
], | ||
authors: ['adambakalar'] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130119 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ['Uri'] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, '9.5.7', '<') | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
end | ||
end | ||
end |
@@ -0,0 +1,54 @@ | ||
module Intrigue | ||
module Issue | ||
class KaseyaCve202130120 < BaseIssue | ||
def self.generate(instance_details = {}) | ||
{ | ||
added: '2021-07-09', | ||
name: 'kaseya_cve_2021_30120', | ||
pretty_name: 'Kaseya VSA 2FA Bypass (CVE-2021-30120)', | ||
identifiers: [ | ||
{ type: 'CVE', name: 'CVE-2021-30120' } | ||
], | ||
severity: 2, | ||
category: 'vulnerability', | ||
status: 'potential', | ||
description: 'Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement.', | ||
affected_software: [ | ||
{ vendor: 'Kaseya', product: 'Virtual System Administrator' } | ||
], | ||
references: [ | ||
{ type: 'description', uri: 'https://nvd.nist.gov/vuln/detail/CVE-2021-30120' }, | ||
{ type: 'description', | ||
uri: 'https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021' } | ||
], | ||
authors: ['adambakalar'] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130120 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ['Uri'] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, '9.5.7', '<') | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
end | ||
end | ||
end |
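Review bot: The `description` says VSA "through 9.5.7" is affected, but `check` compares with `'<'` against `'9.5.7'`, so an asset fingerprinted at exactly 9.5.7 is never reported. If the description is right, the comparison should be inclusive, `if compare_versions_by_operator(version, '9.5.7', '<=')`, assuming the helper accepts that operator (it is defined outside this commit). If instead 9.5.7 is the fixed release, the description should read "before 9.5.7" so the issue text and the check agree.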
@@ -0,0 +1,54 @@ | ||
module Intrigue | ||
module Issue | ||
class KaseyaCve202130121 < BaseIssue | ||
def self.generate(instance_details = {}) | ||
{ | ||
added: '2021-07-09', | ||
name: 'kaseya_cve_2021_30121', | ||
pretty_name: 'Kaseya VSA LFI (CVE-2021-30121)', | ||
identifiers: [ | ||
{ type: 'CVE', name: 'CVE-2021-30121' } | ||
], | ||
severity: 1, | ||
category: 'vulnerability', | ||
status: 'potential', | ||
description: 'Local file inclusion exists in Kaseya VSA before 9.5.6.', | ||
affected_software: [ | ||
{ vendor: 'Kaseya', product: 'Virtual System Administrator' } | ||
], | ||
references: [ | ||
{ type: 'description', uri: 'https://nvd.nist.gov/vuln/detail/CVE-2021-30121' }, | ||
{ type: 'description', | ||
uri: 'https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-2nd-2021' } | ||
], | ||
authors: ['adambakalar'] | ||
}.merge!(instance_details) | ||
end | ||
end | ||
end | ||
|
||
module Task | ||
class KaseyaCve202130121 < BaseCheck | ||
def self.check_metadata | ||
{ | ||
allowed_types: ['Uri'] | ||
} | ||
end | ||
|
||
# return truthy value to create an issue | ||
def check | ||
# get enriched entity | ||
require_enrichment | ||
|
||
# get version for product | ||
version = get_version_for_vendor_product(@entity, 'Kaseya', 'Virtual System Administrator') | ||
return false unless version | ||
|
||
# if its vulnerable, return some proof | ||
if compare_versions_by_operator(version, '9.5.6', '<') | ||
return "Asset is vulnerable based on fingerprinted version #{version}" | ||
end | ||
end | ||
end | ||
end | ||
end |