HTTP: antMan 0.9.1a CVE-2018-7739 Authentication Bypass

This signature detects attempts to exploit a known vulnerability against antMan 0.9.1a. A successful attack can lead to authentication bypass.

Extended Description

antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.

Affected Products

Antsle antman

References

CVE: CVE-2018-7739

Short Name: HTTP:MISC:ANT-MAN-AUTH-BY
Severity: Major
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: 0.9.1a Authentication Bypass CVE-2018-7739 antMan
Release Date: 01/09/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3415
False Positive: Unknown
Vendors

Antsle

CVSS Score

7.5
