This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Unauthenticated Remote Code Execution (RCE) in Viessmann Vitogate. <br>π₯ **Consequences**: Attackers bypass login, inject shell commands via `ipaddr`, and take full control of the system.
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: **Command Injection** via improper input validation. <br>π **Flaw**: The `ipaddr` parameter in the `PUT` method of `/cgi-bin/vitogate.cgi` accepts shell metacharacters without sanitization.
π **Attacker Capabilities**: <br>1οΈβ£ **Bypass Authentication**: No login required. <br>2οΈβ£ **Execute Arbitrary Commands**: Full system access via shell injection.β¦
β‘ **Exploitation Threshold**: **LOW**. <br>π **Auth**: Unauthenticated (Zero-Click style access). <br>π― **Vector**: HTTP PUT request to specific CGI endpoint.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π’ **Public Exploit**: **YES**. <br>π **PoC Available**: Nuclei template exists (projectdiscovery). <br>π **Wild Exploitation**: Likely active given the ease of access.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: <br>1οΈβ£ Scan for `/cgi-bin/vitogate.cgi`. <br>2οΈβ£ Test `PUT` method with `ipaddr` parameter containing shell metacharacters (e.g., `; ls`). <br>3οΈβ£ Use Nuclei template `CVE-2023-45852.yaml`.
Q8Is it fixed officially? (Patch/Mitigation)
π οΈ **Official Fix**: **YES**. <br>π **Status**: Vulnerability disclosed Oct 14, 2023. Users should update to the latest patched firmware version immediately.
Q9What if no patch? (Workaround)
π§ **No Patch Workaround**: <br>1οΈβ£ **Network Isolation**: Block external access to port 80/443 for Vitogate. <br>2οΈβ£ **WAF Rules**: Block `PUT` requests to `/cgi-bin/vitogate.cgi`.β¦