CVE-2020-24621: OpenMRS remote code execution (RCE) vulnerability on htmlformentry (aka HTML Form Entry) module

Virsec Security Research Lab Vulnerability Report

The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities.

1.1 Vulnerability Summary

A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.
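
The write primitive described above depends on a caller-supplied file name being resolved outside the directory it was meant for. The containment check below is an added example of how to reject such names before any write happens; it is not code from OpenMRS or the fix shipped in the module, and the class name, method name, and sample file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeTemplatePath {

    // Resolve a caller-supplied name under baseDir and reject any result that
    // lands outside it ("..", an absolute path, or a symlinked parent directory).
    static Path resolveInside(Path baseDir, String userSuppliedName) throws IOException {
        // Canonical form of the base directory, with symlinks resolved.
        Path base = baseDir.toRealPath();

        // resolve() returns the argument unchanged if it is absolute;
        // normalize() collapses "." and ".." segments without touching the disk.
        Path candidate = base.resolve(userSuppliedName).normalize();

        // Path.startsWith compares whole path elements, so "/forms-evil"
        // does not count as being inside "/forms".
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + userSuppliedName);
        }

        // If the parent already exists, check its real location too, so a
        // symlinked subdirectory cannot redirect the write elsewhere.
        Path parent = candidate.getParent();
        if (parent != null && Files.exists(parent) && !parent.toRealPath().startsWith(base)) {
            throw new SecurityException("parent resolves outside base directory: " + userSuppliedName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a scratch directory and four file names.
        Path base = Files.createTempDirectory("forms");
        String[] names = {
            "intake.xml", "sub/../intake.xml", "../../outside.vm", "/tmp/outside.vm"
        };
        for (String name : names) {
            try {
                System.out.println("accepted: " + name + " -> " + resolveInside(base, name));
            } catch (SecurityException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The first two names stay inside the base directory and are accepted; the relative traversal and the absolute path are rejected before any file is created.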


1.2 CVSS Score

The CVSS Base Score is 8.8 (High).

1.3 Affected Version

OpenMRS htmlformentry module 3.11.0 and prior.

1.4 Vulnerability Attribution

The vulnerability was reported by Contrast Labs of Contrast Security.

1.5 Risk Impact

OpenMRS is a collaborative open-source project to develop software to support the delivery of health care in developing countries. Since OpenMRS' launch in 2004, more than 5,500 healthcare facilities in over 40 countries have used the OpenMRS platform to provide improved healthcare to 12.6 million patients.

An attacker can manipulate certain input fields to trigger a directory traversal vulnerability, which can then be escalated to remote code execution. This can affect these critical healthcare organizations in a very destructive manner, causing damage such as ransomware, shutdown of critical equipment, and theft of patient data. Public exploits are available for this vulnerability.

1.6 Virsec Security Platform (VSP) Support:

VSP-Web's PT/LFI capability can detect an attempt to exploit this vulnerability. VSP-Host monitors spawned processes that are not part of a set of whitelisted processes. Any attempt to execute a new command or unknown binary would be denied by VSP-Host's Process Monitoring capability. VSP-Host's FSM capability would also detect the attempt to place a web shell on disk.

*** This is a Security Bloggers Network syndicated blog from Blog – Virsec Systems authored by Satya Gupta. Read the original post at: https://virsec.com/cve-2020-24621-openmrs-remote-code-execution-rce-vulnerability-on-htmlformentry-aka-html-form-entry-module/