Computer Science, 2023, Vol. 50, Issue (4): 343-350. doi: 10.11896/jsjkx.220100113

• Information Security •

Detection of Web Command Injection Vulnerability for Cisco IOS-XE

HE Jie, CAI Ruijie, YIN Xiaokang, LU Xuanting, LIU Shengli   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
  • Received: 2022-01-12 Revised: 2022-07-07 Online: 2023-04-15 Published: 2023-04-06
  • About author: HE Jie, born in 1996, master. His main research interests include cyber security and embedded network devices.
    LIU Shengli, born in 1973, Ph.D, professor. His main research interests include network device security and network attack detection.
  • Supported by:
    Foundation Strengthening Key Project of Science & Technology Commission (2019-JCJQ-ZD-113).

Abstract: Cisco's new operating system, Cisco IOS-XE, is widely deployed on platforms such as Cisco routers and switches. However, the system's Web management interface contains vulnerabilities that allow privilege escalation through command injection, which poses a serious threat to network security. In recent years, fuzzing has commonly been used to detect security vulnerabilities in embedded devices, but there is currently no fuzzing framework for Cisco IOS-XE, and existing fuzzing methods for IoT devices perform poorly on it because of the unique system architecture and command mode of IOS-XE. To solve these problems, this paper proposes CRFuzzer, a novel fuzzing framework for the Web management service of Cisco IOS-XE, to detect command injection vulnerabilities. CRFuzzer combines analysis of front-end requests and back-end scripts to optimize seed generation, and locates vulnerable code based on the characteristics of command injection to narrow the scope of testing. To evaluate the vulnerability detection performance of CRFuzzer, 124 firmware images of 31 different versions are tested on the physical ISR 4000 series routers and the cloud router CSR 1000v; a total of 11 command injection vulnerabilities are detected, 2 of which are undisclosed vulnerabilities.

Key words: Cisco IOS-XE, Web service, Command injection, Vulnerability detection, Fuzzing

CLC Number: TP393