Miggo Logo

CVE-2017-9822: DNN (aka DotNetNuke) has Remote Code Execution via a cookie

8.8

CVSS Score
3.1

Basic Information

EPSS Score
0.99948%
Published
10/16/2018
Updated
1/9/2023
KEV Status
Yes
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
DotNetNuke.Corenuget< 9.1.19.1.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability involves remote code execution via cookie deserialization (CWE-20). Analysis focused on DNN's authentication flow and serialization patterns:

  1. Cookie handling functions are primary suspects given the attack vector
  2. The '2017-08' bulletin explicitly mentions cookie decoding leading to impersonation/RCE
  3. .NET deserialization vulnerabilities commonly involve XmlSerializer or BinaryFormatter
  4. DNN's XML utilities and authentication controllers are logical locations for cookie processing While the exact patch isn't available, the functions identified represent the most probable locations based on vulnerability type, .NET patterns, and DNN architecture. Confidence is medium due to reliance on vulnerability descriptions rather than direct code analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*NN (*k* *otN*tNuk*) ***or* *.*.* **s R*mot* *o** *x**ution vi* * *ooki*, *k* "****-** (*riti**l) Possi*l* r*mot* *o** *x**ution on *NN sit*s."

Reasoning

T** vuln*r**ility involv*s r*mot* *o** *x**ution vi* *ooki* **s*ri*liz*tion (*W*-**). *n*lysis *o*us** on *NN's *ut**nti**tion *low *n* s*ri*liz*tion p*tt*rns: *. *ooki* **n*lin* *un*tions *r* prim*ry susp**ts *iv*n t** *tt**k v**tor *. T** '****-**'