CVE-2018-9843 – CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2018-9843

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. La API REST en CyberArk Password Vault Web Access, en versiones anteriores a la 9.9.5 y en versiones 10.x anteriores a la 10.1, permite que atacantes remotos ejecuten código arbitrario mediante un objeto .NET serializado en una cabecera Authorization HTTP. The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected. • https://www.exploit-db.com/exploits/44429 http://seclists.org/fulldisclosure/2018/Apr/18 http://www.securityfocus.com/archive/1/541932/100/0/threaded http://www.securitytracker.com/id/1040675 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution • CWE-502: Deserialization of Untrusted Data •