Vulnerability in DotNetNuke (DNN) Content Management System Could Allow for Unauthorized Access
MS-ISAC ADVISORY NUMBER:2016-085
A vulnerability has been discovered in DotNetNuke, which could allow for unauthorized access. DNN is a content management system (CMS) for websites. Successful exploitation could result in an attacker gaining Super User access to the CMS allowing access to sensitive information, and the ability to add, remove, or modify content. An attacker can also utilize the vulnerability in phishing campaigns to redirect unsuspecting users to a malicious site.
This vulnerability has been observed being exploited in the wild.
- DNN versions prior to 8.0.3
- Large and medium government entities: HIGH
- Small government entities: HIGH
- Large and medium business entities: HIGH
- Small business entities: HIGH
Due to a failure to remove files required for installation of DNN a remote attacker is able to leverage a specially crafted URL to access the install wizard and create Super User accounts. Specifically this occurs when the files InstallWizard.aspx and InstallWizard.aspx.cs exist under the Website RootInstall folder. DNN has released version 8.0.3 to address this issue.
Successful exploitation could result in an attacker gaining Super User access to the CMS allowing access to sensitive information, and the ability to add, remove, or modify content.
DNN has also released a work around which entails manually removing the following files from the Website FolderInstall location.
We recommend the following actions be taken:
Update DNN CMS to the latest version after appropriate testing.
Verify that all files listed above have been removed, and review current Super User accounts for unauthorized access.
Verify that no unauthorized changes have occurred on the system prior to implementing patches.
Confirm that the operating system and all other applications on the system running this CMS are updated with the most recent patches.