SecZetta NEProfile 3.3.11 Remote Code Execution

2020.07.16

Credit: Josh Sheppard

Risk: High

Local: No

Remote: Yes

CVE: CVE-2020-12854

CWE: CWE-434

CVSS Base Score: 6.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Exploit Title: NEProfile - Remote Code Execution
Date: 5/13/2020
Vendor Homepage: https://seczetta.com
Software Link: https://seczetta.com/product/ne-profile
Version: 3.3.11
Tested on: 3.3.11
Exploit Author: Josh Sheppard
Exploit Contact: ghost () a t undervurse dot_com
Exploit Technique: Remote
CVE ID: CVE-2020-12854
1. Description
A remote code execution vulnerability was identified in SecZetta's NEProfile product. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted jpg as part of the profile avatar.
The issue affects version 3.3.11 and has not been tested on other versions of the product.
2. Disclosure Timeline
5/4/20 - Discovery and Exploitation
5/12/20 - Vendor Notified
6/18/20 - Patch / Hotfix Created
3. Mitigation
Apply hotfix provided by vendor

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SecZetta NEProfile 3.3.11 Remote Code Execution

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.