CVE-2023-35078

shodan dorks

You can use the following Shodan dorks to find public targets.

  • http.favicon.hash:362091310
  • http.favicon.hash:545827989
  • path=/mifs

You can use the following to transform data from the Shodan API into a format suitable for the checking script:

jq -cr 'select(.http.favicon.hash == 362091310) | [ if .ssl? then "https://" else "http://" end , (.ip_str) + ":" + (.port|tostring)] | add' example.json > your_data_file.txt

usage

  • clone the repository
  • ./CVE-2023-35078.sh http[s]://your.target:port (define both protocol and target port)

If you want to test multiple targets, you can simply wrap it in a loop: while IFS= read -r line; do ./CVE-2023-35078.sh "$line"; done < your_data_file.txt

additional info about the vuln

details about vulnerable/patched versions

This vulnerability impacts all supported versions – Version 11.4 releases 11.10, 11.9 and 11.8. Older versions/releases are also at risk.

You can fix the vulnerability by upgrading to EPMM versions 11.8.1.1, 11.9.1.1, and 11.10.0.2. These fixed versions also cover unsupported and End-of-Life (EoL) software versions that are lower than 11.8.1.0.
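
The version ranges above, turned into a check you can run over your own EPMM inventory. This is an added example, not part of the repository; it assumes versions are recorded as plain dotted numbers, the hostnames are constructed, and releases newer than 11.10 are reported as unknown because the text above does not cover them.

```shell
#!/bin/sh
# Added example: classify EPMM versions from an inventory against the
# fixed builds named above (11.8.1.1, 11.9.1.1, 11.10.0.2).

# ver_ge A B: succeed when dotted version A >= B, comparing each field numerically.
ver_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x:-0} y=${y:-0}          # missing fields count as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# epmm_status VERSION: print patched, vulnerable, unknown or invalid.
epmm_status() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    case $v in
        11.8|11.8.*)   fixed=11.8.1.1 ;;
        11.9|11.9.*)   fixed=11.9.1.1 ;;
        11.10|11.10.*) fixed=11.10.0.2 ;;
        *)  # older releases are at risk; newer ones are not covered here
            if ver_ge "$v" 11.11; then echo unknown; else echo vulnerable; fi
            return 0 ;;
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo vulnerable; fi
}

# epmm_report: read "host version" pairs on stdin, print "host version status".
epmm_report() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(epmm_status "$ver")"
    done
}

# Constructed sample inventory (hypothetical hostnames).
epmm_report <<'EOF'
mdm-a.example.internal 11.8.1.0
mdm-b.example.internal 11.10.0.2
mdm-c.example.internal 11.7.0.0
EOF
```

Fields are compared as integers, so a build such as 11.10.0.10 is correctly treated as newer than 11.10.0.2, which a plain string comparison would get wrong.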