Tag Archives: Jet

Remote Code Execution – Bitrix (CVE-2022-29268) and Jet CSIRT deface case

Remote Code Execution - Bitrix (CVE-2022-29268) and Jet CSIRT deface case

Remote Code Execution – Bitrix (CVE-2022-29268) and Jet CSIRT deface case.

🔻 The vulnerability is in the “Rejected” status in NVD, although its exploitability has been confirmed. 🤷‍♂️ What is it about? CMS Bitrix can be deployed from the “1C-Bitrix: Virtual Machine” image. Then it is configured in the web setup interface (without authentication). At a certain step there is an option “Upload backup”. Instead of a backup, you can upload a web shell there and it will be installed. 🫠

🔻 What is the risk? Surely no one will expose the initial setup interface to the Internet? 🤔 But people do it, Google dork is available.

🔻 This happened in the Jet CSIRT website deface case as well. In November 2023, the setup interface was exposed for 3 days. The attackers found it and installed the web shell. 🤷‍♂️

Jet states that Bitrix does not consider this to be a vulnerability in the setup interface. So the recommendation: don’t make it accessible from the Internet. 😅🤡

На русском