{"id":7605,"date":"2020-09-03T04:10:21","date_gmt":"2020-09-03T11:10:21","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7605"},"modified":"2023-04-05T12:43:07","modified_gmt":"2023-04-05T19:43:07","slug":"how-to-detect-the-vulnerability-cve-2020-14723","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/how-to-detect-the-vulnerability-cve-2020-14723\/","title":{"rendered":"How to Detect the Vulnerability CVE-2020-14723?"},"content":{"rendered":"

A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in the Web UIX component of Oracle Help Technologies. CVE-2020-14723 has a base score of 5.8 and an exploitability score of 8.6 on the CVSSv2 severity scale. It was discovered in our research lab on January 11, 2020, and we found that it has affected geographic locations such as the United States, Ireland, Germany, Netherlands, and Brazil.

You can use the following script to detect this vulnerability:

Python 2.7+ required
Multi-OS support

1. Install the necessary modules: pip install -r requirements.txt
2. Add the IPs to be scanned to a text file saved as IP.txt in the same folder as the script.
3. Payloads.txt: the default text file has to be present in the same folder. Users who want to check with other payload types for firewall bypass can add them to this file as needed.
4. Once both text files are present, the script can be executed directly from the command line: python Oracle.py
5. The script sends an HTTP request to each IP in the IP list file and examines the response for the presence of the vulnerability.
6. After the script has validated the full list of IPs provided, an Excel file with the output, Results.xls, is generated automatically.
7. The generated Excel sheet lists the vulnerable and not vulnerable hosts for CVE-2020-14723.

Vulnerability Detection

CVE-2020-14723 was detected using an IAST tool to capture the request, which showed that a simple payload is reflected in the response.

Disclosure

The vulnerability was disclosed to Oracle in January 2020. The vendor responded and released a patch in June 2020 to mitigate this vulnerability.

Timeline

Date | Description
Jan 11, 2020 | Discovered in our research lab
Jan 12, 2020 | Reported to Oracle
Jun 23, 2020 | Oracle notified that the issue is addressed in the main code line and scheduled for a future Critical Patch Update (CPU) release
Jul 14, 2020 | The date of public disclosure
Jul 15, 2020 | Published in NVD
Jul 20, 2020 | Last modified on NVD

Incident Analysis

CVE-2020-14723 allows an unauthenticated user to insert malicious JavaScript on the help page. Whenever a user clicks the Print page option, the script is executed in the context of the current user's browser.

Vendor | Product | Versions
Oracle | Help Technologies | 11.1.1.9.0, 12.2.1.3.0

Vulnerability Analysis

CVE-2020-14723 is a vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0.

Proof of Concept

Product | Oracle Web Content Management
Product Version | 12.2.1.3.0
Privilege | Any user who has access to the Help page
Request Type | GET
Vulnerable URL | http://localhost/_ocsh/help/state?navSetId=help_for_translation_dc_template_editor_en_dcted_html_l10n_dcted_hlpbk&navId=0&locale=en844&destination=
Vulnerable Parameter | locale

Steps to Reproduce:

Step 1: Click on the Help docs page in the Oracle Web content.

Step 2: Navigate to any of the help topics and intercept the request using the proxy tool (Burp).

Step 3: Capture the request; a simple payload is reflected in the response without sanitization.

Step 4: While triggering the Print page event, the payload gets stored and is assigned to the path URL. Whenever the user clicks the print page, the payload is automatically executed in the user’s browser.

Mitigation

Oracle recommends that customers apply the Critical Patch Update July 2020 to the Oracle Database components of Oracle Fusion Middleware products. The patch updates are available at: https://www.oracle.com/security-alerts/cpujul2020.html

Impact

If this vulnerability is exploited successfully, it may result in the blocking of network protocols and may break application functionality. It may also result in unauthorized access to critical data, complete access to Oracle Help Technologies’ accessible data, and unauthorized updates (insert or delete access to Oracle Help Technologies accessible data).

Recommendation

Based on the CSW team’s recommendations, Oracle strongly advised its customers to remain on actively supported versions and apply critical security patches without delay.","protected":false},"excerpt":{"rendered":"

    A new zero-day vulnerability, CVE-2020-14723, was discovered by Cyber Security Works in Oracle Help Technologies related to the Web UIX component.<\/p>\n","protected":false},"author":20,"featured_media":7606,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":""},"categories":[82,80,154],"tags":[253,361,362,149],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7605"}],"collection":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/comments?post=7605"}],"version-history":[{"count":3,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7605\/revisions"}],"predecessor-version":[{"id":12239,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/posts\/7605\/revisions\/12239"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media\/7606"}],"wp:attachment":[{"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/media?parent=7605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/categories?post=7605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/10.42.32.162\/wp-json\/wp\/v2\/tags?post=7605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}