This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Exhibitor Config Editor allows **OS Command Injection**. <br>π₯ **Consequences**: Attackers can execute **arbitrary commands** on the host system.β¦
π‘οΈ **Root Cause**: **CWE-78** (OS Command Injection). <br>π **Flaw**: The **Config editor** in the Exhibitor Web UI fails to properly sanitize user input before passing it to the operating system shell.β¦
π¦ **Affected**: **Exhibitor** versions **1.0.9 through 1.7.1**. <br>π§ **Component**: Specifically the **Web UI Config Editor** used for managing ZooKeeper instances. If you use these versions, you are at risk.
Q4What can hackers do? (Privileges/Data)
π **Privileges**: **Remote Code Execution (RCE)**. <br>π **Data**: Attackers gain the same privileges as the **Exhibitor process**.β¦
β οΈ **Threshold**: **Low to Medium**. <br>π **Auth**: Requires access to the **Exhibitor Web UI**. If the UI is exposed to the internet without authentication, exploitation is trivial.β¦
π **Self-Check**: <br>1. Scan for **Exhibitor Web UI** ports (default 8080/9080). <br>2. Check version numbers in HTTP headers or UI footer. <br>3.β¦
π₯ **Urgency**: **HIGH**. <br>π **Priority**: Patch immediately. <br>β³ **Reason**: Public PoCs exist, and it allows full RCE. Many ZooKeeper clusters are misconfigured and exposed.β¦