摘要
思科公司的新型操作系统Cisco IOS-XE广泛部署于Cisco路由器、交换机等平台,但系统的Web管理服务中存在通过命令注入实现权限逃逸的安全漏洞,使网络安全面临严重威胁。近年来,模糊测试常被用于检测嵌入式设备的安全漏洞,然而目前没有针对Cisco IOS-XE系统Web管理服务的模糊测试框架,由于IOS-XE特有的系统架构和命令模式,现有IoT模糊测试方法在IOS-XE上的检测效果不佳。为此,提出了一个针对Cisco IOS-XE系统Web管理服务的模糊测试框架CRFuzzer,用于检测命令注入漏洞。CRFuzzer结合Web前端请求和后端程序分析以优化种子生成,基于命令注入漏洞的特征发现脆弱代码以缩小测试范围。为了评估CRFuzzer的漏洞检测效果,在实体路由器ISR 4000系列和云路由器CSR 1000v上对31个不同版本共124个固件进行了测试,共检测出11个命令注入漏洞,其中2个为未公开漏洞。
Cisco’s new operating system,Cisco IOS-XE,is widely deployed on platforms such as Cisco routers and switches.However,there are vulnerabilities in the system’s Web management interface to allow permission escalation through command injection.Network security is facing serious threats.In recent years,fuzzing is usually used to detect security vulnerabilities in embedded devices,but there is currently no fuzzing framework for Cisco IOS-XE,and current fuzzing methods for IoT have poor performance due to the unique system architecture and command mode of IOS-XE.To solve the problems mentioned above,this paper proposes a novel fuzzing framework CRFuzzer for the Web management service in Cisco IOS-XE system to detect command injection vulnerabilities.CRFuzzer combines front-end requests and back-end scripts analysis to optimize seed generation,and locates vulnerable code based on characteristics of command injection to narrow the scope of testing.In order to evaluate the vulnerability detection performance of CRFuzzer,124 firmwares of 31 different versions are tested on the physical router ISR 4000 series and the cloud router CSR 1000v,and a total of 11 command injection vulnerabilities are detected,and 2 of them are undisclosed vulnerabilities.
作者
何杰
蔡瑞杰
尹小康
陆炫廷
刘胜利
HE Jie;CAI Ruijie;YIN Xiaokang;LU Xuanting;LIU Shengli(State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou 450001,China)
出处
《计算机科学》
CSCD
北大核心
2023年第4期343-350,共8页
Computer Science
基金
科技委基础加强项目(2019-JCJQ-ZD-113)。
