RedTeam Pentesting discovered that the configuration of a Cisco RV320 router can still be exported without authentication via the device’s web interface due to an inadequate fix by the vendor.
So many servers are happy when you just provide a trusted user-agent, and a referer. Sometimes one alao needs a token that can be obtaimed from an additional request.
to buy cisco is just sick: expensive and you see the "quality" of their sophisticated "security" devices. How can they play with their reputation like this...
If it just piped the offending IP address into the iptables drop list, it would be a good start. No reason to let your adversary know they can try again with different parameters.
Same nonsense on https://dl.dell.com - the default user agents of curl and wget trigger a 403 error, but setting the user agent to a less suspicious string such as "bullshit" or "nmap" solves the problem.
We won't let you hack into this device unless you ask *politely*! That will stop hackers because the evil in their hearts prevents them from being polite.
this hit so close to home today ... been struggling with an infrastructure team having a basic auth protected service redirecting https to http. Gave then curl screenshots and their response was "we are not familiar with this 'curl' software, can you try it on Chrome or Edge?" 😔😒🤨
I posted this image on LinkedIn as well, and the stats there tells me that Cisco is in fact now the third most common employing company among the viewers... (only beaten by AWS and Microsoft)
does this qualify as code bloat? the user agent header is completely arbitrary and can be set to anything. I mean why single out curl. Shouldn’t the nmap default user agent be in there too? etc etc
so the exploit just needs an update to include setting the user agent header to something else right, and it could be one of many many many different strings.
This makes me want to add a check for curl as the user agent, but only so it sends back a fun message as part of the return headers. Something harmless.
Gina Häußge
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Gina Häußge • • •Gina Häußge
in reply to daniel:// stenberg:// • • •Colin McMillen
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to Colin McMillen • • •RedTeam Pentesting GmbH - Cisco RV320 Unauthenticated Configuration Export
www.redteam-pentesting.deColin McMillen
in reply to daniel:// stenberg:// • • •Mark Pauley
in reply to daniel:// stenberg:// • • •🤣
triallax
in reply to daniel:// stenberg:// • • •Kiskae
in reply to daniel:// stenberg:// • • •AcidePoulain
in reply to daniel:// stenberg:// • • •Yaksh Bariya
in reply to daniel:// stenberg:// • • •This is ofcourse going the obvious solution when your blog's "network engineer" tag is filled with PR BS:
CW: everything on this blog is bullshit, and unrelated to what the tag name is
https://blogs.cisco.com/tag/network-engineer
network engineer - Cisco Blogs
Cisco SystemsKarl Fredrik 🦊
in reply to daniel:// stenberg:// • • •This is sorta what imgur does for wget as well, to "stop" scraping I guess...
(it has returned 429 "too many requests" every time I've tried, so I assumme it's an ingress rule for the user agent)
Kelvin n0mql EN35ld
in reply to daniel:// stenberg:// • • •Your alt text says it returns a 404.
Nope. It returns a 403.
Chris Gioran 💔
in reply to daniel:// stenberg:// • • •Bill's in the shop for repairs
in reply to daniel:// stenberg:// • • •hnapel
in reply to daniel:// stenberg:// • • •I looked up the curl man page, especially the example for changing the user agent:
Example:
curl -A "Agent 007" https://example.com
😎
Example Domain
example.comMartin Rocket
in reply to daniel:// stenberg:// • • •Psycodepath
in reply to daniel:// stenberg:// • • •Alex
in reply to daniel:// stenberg:// • • •Troed Sångberg
in reply to daniel:// stenberg:// • • •Sertonix
in reply to daniel:// stenberg:// • • •Wayne Dixon
in reply to daniel:// stenberg:// • • •Sandor Szücs
in reply to daniel:// stenberg:// • • •How can they play with their reputation like this...
Tito Swineflu
in reply to daniel:// stenberg:// • • •klausfiend
in reply to daniel:// stenberg:// • • •srslypascal
in reply to daniel:// stenberg:// • • •FTP Root
dl.dell.comMichelle Hughes
in reply to daniel:// stenberg:// • • •Waseem
in reply to daniel:// stenberg:// • • •🐧DaveNull🐧 ☣️pResident Evil☣
in reply to daniel:// stenberg:// • • •😂
As moronic as this "security fix" is, I can't exactly say that I'm surprised…
Asharas
in reply to daniel:// stenberg:// • • •Jason Sando
in reply to daniel:// stenberg:// • • •Dr. Mastodonocologist
in reply to daniel:// stenberg:// • • •Elmer Fudd level.
daniel:// stenberg://
in reply to daniel:// stenberg:// • • •I posted this image on LinkedIn as well, and the stats there tells me that Cisco is in fact now the third most common employing company among the viewers... (only beaten by AWS and Microsoft)
https://www.linkedin.com/posts/danielstenberg_curl-activity-7185597818894512130-kHFS
Daniel Stenberg on LinkedIn: #curl | 37 comments
Daniel Stenberg (www.linkedin.com)eigenman :chickenroll:
in reply to daniel:// stenberg:// • • •spmatich :blobcoffee:
in reply to daniel:// stenberg:// • • •I mean why single out curl. Shouldn’t the nmap default user agent be in there too? etc etc
daniel:// stenberg://
in reply to spmatich :blobcoffee: • • •spmatich :blobcoffee:
in reply to daniel:// stenberg:// • • •daniel:// stenberg://
in reply to spmatich :blobcoffee: • • •Filippo Nova
in reply to daniel:// stenberg:// • • •Gen X-Wing
in reply to daniel:// stenberg:// • • •jn
in reply to daniel:// stenberg:// • • •Алексей Боцман
in reply to daniel:// stenberg:// • • •