How the mentioned CVE works:
The vulnerability exists in the Staging Sync Server component of Kentico Xperience. When the server is configured to use the ‘None’ authentication type, the system fails to properly validate the connection and the password check is effectively bypassed. An unauthenticated remote attacker can exploit this misconfiguration by sending a specially crafted request to the staging server endpoint. The request mimics a legitimate sync attempt but omits the password or supplies a dummy one, which the ‘None’ handler incorrectly accepts as valid. Once the check is bypassed, the attacker gains administrative control over the application’s objects, allowing full compromise of the Kentico instance, including data manipulation and unauthorized content changes.
DailyCVE Form:
Platform: Kentico Xperience
Version: through 13.0.178
Vulnerability: Authentication Bypass
Severity: Critical
Date: 2024-10-11
Prediction: Patch by 2024-10-25
What Undercode Say:
```bash
# As written in the post; requires an NSE script of this name to be installed
nmap -p 80,443 --script http-vuln-cve2024-43463 <target_ip>
```

```python
import requests

# Staging endpoint as named in the post; "target.com" is a placeholder host
target = "http://target.com/Staging/SyncServer.ashx"
headers = {"Content-Type": "application/octet-stream"}
data = "malicious_sync_data_for_none_auth"  # placeholder payload from the post

response = requests.post(target, headers=headers, data=data)
# Check for 200 OK and an administrative response
print(response.status_code)
```

```bash
grep -r "StagingSyncServer" /kentico/web.config
```
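From the defender's side, the same endpoint is where the misuse shows up: a sync POST to `/Staging/SyncServer.ashx` should only ever originate from the known source (staging) server. The following added example, which is not part of the original post or of Kentico's tooling, parses IIS W3C-format log lines and reports staging POSTs from any address not on an allow-list of legitimate source servers. The log excerpt, the addresses and the allow-list are constructed for the example; the endpoint path is the one named above.

```python
"""Flag staging-sync requests that did not come from the known staging source.

Added example (not from the original post): parses IIS W3C-format log lines
and reports POSTs to the Kentico staging endpoint from any address that is
not on the allow-list of legitimate source servers. Log lines, IPs and the
allow-list are constructed for this example; the endpoint path is the one
named in the post.
"""

STAGING_ENDPOINT = "/Staging/SyncServer.ashx"

# Constructed allow-list: the source (staging) server(s) that legitimately sync
ALLOWED_SOURCES = {"10.0.5.20"}

# Constructed IIS W3C log excerpt (IIS replaces spaces in field values with '+')
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2024-10-11 09:12:01 10.0.5.10 POST /Staging/SyncServer.ashx - 10.0.5.20 Kentico-Staging 200
2024-10-11 09:12:05 10.0.5.10 GET /Admin/ - 10.0.5.31 Mozilla/5.0 200
2024-10-11 09:13:44 10.0.5.10 POST /Staging/SyncServer.ashx - 203.0.113.77 python-requests/2.31 200
2024-10-11 09:13:50 10.0.5.10 POST /staging/syncserver.ashx - 203.0.113.77 python-requests/2.31 500
"""


def parse_w3c(text):
    """Yield one dict per data row, keyed by the names in the latest #Fields line."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        values = line.split()
        if len(values) != len(fields):
            continue  # skip malformed rows rather than mis-align columns
        yield dict(zip(fields, values))


def find_suspicious_sync_requests(text, allowed=ALLOWED_SOURCES):
    """Return (client ip, status, user-agent) for staging POSTs from unexpected sources.

    The path comparison is case-insensitive because IIS routes paths that way,
    so a lower-cased request must not slip past the rule.
    """
    hits = []
    for rec in parse_w3c(text):
        if rec.get("cs-method") != "POST":
            continue
        if rec.get("cs-uri-stem", "").lower() != STAGING_ENDPOINT.lower():
            continue
        if rec.get("c-ip") in allowed:
            continue
        hits.append((rec["c-ip"], rec["sc-status"], rec.get("cs(User-Agent)", "-")))
    return hits


if __name__ == "__main__":
    for ip, status, ua in find_suspicious_sync_requests(SAMPLE_LOG):
        print(f"staging POST from {ip} (status {status}, agent {ua})")
```

A 200 from an unexpected source is the signal to act on; a 500 from the same source still records that the endpoint was probed and is worth keeping in the report.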
How to Exploit:
Craft POST request to SyncServer.ashx with ‘None’ auth data.
Send serialized .NET object to manipulate admin functions.
Use compromised access to execute arbitrary code on the server.
Protection from this CVE:
Upgrade to version 13.0.179.
Disable Staging Sync Server if unused.
Configure authentication type to ‘X.509’ or ‘User’.
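The three protections above reduce to two checks an operator can automate: is the hotfix level at or above 13.0.179, and, if the staging server is enabled, is its authentication type something other than ‘None’. The following added example (not from the original post and not Kentico's own tooling) encodes exactly those two facts from the post. The configuration dictionaries are a constructed stand-in; where the real values live in a given deployment (web.config, the CMS settings store) is an assumption the reader must adapt.

```python
"""Audit a Kentico instance's staging-sync exposure against the advisory.

Added example, not part of the original post or of Kentico's own tooling.
It encodes the two facts the post gives: versions through 13.0.178 are
affected (13.0.179 fixes it) and the staging service must not use the
'None' authentication type. The config dictionaries are constructed; the
location of the real settings is an assumption to adapt per deployment.
"""

FIXED_VERSION = (13, 0, 179)
ACCEPTABLE_AUTH = {"X.509", "User"}  # the types the post recommends


def parse_version(text):
    """Turn '13.0.178' into (13, 0, 178).

    Versions must compare numerically: as strings, '13.0.9' sorts after
    '13.0.178', which would wrongly mark an old hotfix level as patched.
    """
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable_version(version):
    """True for any version below the fixed release 13.0.179."""
    return parse_version(version) < FIXED_VERSION


def audit(config):
    """Return a list of findings; an empty list means no issue under the advisory.

    config keys (constructed for this example):
      version         - Kentico Xperience hotfix version string
      staging_enabled - whether the Staging Sync Server is enabled
      staging_auth    - 'None', 'User' or 'X.509'
    """
    findings = []
    if is_vulnerable_version(config["version"]):
        findings.append(f"version {config['version']} is below 13.0.179; apply the hotfix")
    if not config.get("staging_enabled", False):
        return findings  # a disabled staging server is not reachable through this path
    auth = config.get("staging_auth", "None")
    if auth not in ACCEPTABLE_AUTH:
        findings.append(f"staging authentication type '{auth}' is not acceptable; use X.509 or User")
    return findings


# Constructed sample inputs covering the four states an operator will meet
EXAMPLES = {
    "exposed": {"version": "13.0.178", "staging_enabled": True, "staging_auth": "None"},
    "patched_but_none": {"version": "13.0.179", "staging_enabled": True, "staging_auth": "None"},
    "disabled": {"version": "13.0.150", "staging_enabled": False, "staging_auth": "None"},
    "hardened": {"version": "13.0.179", "staging_enabled": True, "staging_auth": "X.509"},
}


if __name__ == "__main__":
    for name, cfg in EXAMPLES.items():
        print(name, audit(cfg) or ["ok"])
```

Note that "patched_but_none" still produces a finding: the hotfix closes this CVE, but leaving the staging service on ‘None’ keeps it outside the authentication types the post recommends.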
Impact:
Full administrative access.
Remote code execution.
Complete system compromise.
Sources:
Reported By: www.cve.org
Extra Source Hub:
Undercode