Access Control: Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key
Identifier:
infoblox_netmri_rails_cookie_rce
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Infoblox NetMRI virtual appliances before version 7.6.1 are vulnerable to remote code execution because the Ruby on Rails session cookie secret key is hardcoded, so it is identical on every appliance. Anyone who knows that key can craft session cookies that pass signature verification; the server then deserializes the cookie contents, which leads to arbitrary code execution.
How we test: We test for Rails cookie deserialization vulnerabilities in Infoblox NetMRI by crafting malicious session cookies using the hardcoded secret key and analyzing responses to detect if remote code execution is possible.
Reference:
- https://rhinosecuritylabs.com/research/infoblox-multiple-cves/
- https://nvd.nist.gov/vuln/detail/CVE-2013-0156
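The signing layer that the check above relies on, as an added example written for this page (it is not code from Infoblox, from Rails, or from the scanner). It models how a Rails-style signed session cookie is produced and verified, why a secret shared across every install lets any holder of it mint valid cookies, and why the fix (a random, per-install secret) makes those cookies stop verifying. All values are constructed: HARDCODED_SECRET is a placeholder and not the real NetMRI key, and the payload is JSON rather than Marshal on purpose, so that even a forged cookie can only carry data, not objects.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

# Constructed placeholder standing in for a secret baked into an appliance image.
# It is NOT the NetMRI key; it only models "the same value on every install".
HARDCODED_SECRET = 'example-hardcoded-appliance-secret'.freeze

# Constant-time string comparison so the verifier does not leak the digest
# byte by byte through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Rails-style signed cookie: base64(payload) + "--" + hex(HMAC-SHA1(secret, base64(payload))).
# JSON is used for the payload here deliberately: a format that can only yield
# data, never live objects, removes the deserialization step that turns a
# forged cookie into code execution.
def sign_session(payload, secret)
  data = Base64.strict_encode64(JSON.generate(payload))
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, data)}"
end

# Returns the decoded session hash when the signature is valid, nil otherwise.
def verify_session(cookie, secret)
  data, digest = cookie.to_s.split('--', 2)
  return nil if data.nil? || digest.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA1', secret, data)
  return nil unless secure_equal?(expected, digest)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# Known-weak secrets a defender would refuse at boot (constructed list).
WEAK_SECRETS = [HARDCODED_SECRET, 'changeme', 'secret'].freeze

# A secret is weak if it is a known placeholder or too short to be random.
def weak_secret?(secret)
  WEAK_SECRETS.include?(secret) || secret.bytesize < 32
end

# Mitigation: generate a per-install secret at first boot. Every cookie signed
# under the old shared key stops verifying the moment the secret is rotated.
def rotate_secret
  SecureRandom.hex(64)
end

if __FILE__ == $PROGRAM_NAME
  cookie = sign_session({ 'user_id' => 1 }, HARDCODED_SECRET)
  puts "shared secret verifies:  #{!verify_session(cookie, HARDCODED_SECRET).nil?}"
  puts "after rotation verifies: #{!verify_session(cookie, rotate_secret).nil?}"
  puts "configured secret weak?: #{weak_secret?(HARDCODED_SECRET)}"
end
```

Run it with `ruby signed_cookie.rb`: the cookie minted under the shared secret verifies, the same cookie fails once the secret is rotated, and `weak_secret?` flags the placeholder. In a real deployment the equivalent control is to refuse to start when `secret_key_base` matches a shipped default and to regenerate it per install, which is what moving off the hardcoded key in 7.6.1 amounts to.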
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.