Detections
Analytics
Cobalt RaQ4 Administrative Interface backup.cgi Command Execution (EXTINCTSPINACH)
critical Nessus Plugin ID 100387
Language:
Synopsis
A web application running on the remote host is affected by a command execution vulnerability.Description
The Cobalt RaQ4 administrative interface running on the remote host is affected by a remote command execution vulnerability in the /cgi-bin/.cobalt/backup/backup.cgi script. An unauthenticated, remote attacker can exploit this to execute arbitrary commands.EXTINCTSPINACH is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/08 by a group known as the Shadow Brokers.
Note that Nessus has not attempted to exploit this issue but has instead only confirmed the presence of the backup.cgi script.
Solution
Contact the vendor for a patch.See Also
http://www.nessus.org/u?9b84a0bd
https://github.com/x0rz/EQGRP/blob/master/Linux/up/extinctspinach.txt
Plugin Details
Severity: Critical
ID: 100387
File Name: cobalt_command_injection.nasl
Version: 1.3
Type: remote
Family: CGI abuses
Published: 5/24/2017
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/h:sun:cobalt_raq_4
Required KB Items: Settings/ParanoidReport
Excluded KB Items: Settings/disable_cgi_scanning
Vulnerability Publication Date: 4/8/2017