PT-2022-1778 · Bitrix · Bitrix Site Manager

Sergey Bliznyuk · Published 2022-03-04 · Updated 2026-03-10 · CVE-2022-27228

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Bitrix Site Manager versions prior to 21.0.100
Bitrix Site Manager versions 22.0.0 through 22.0.400
Bitrix Site Manager module Landing versions prior to 23.800.0
Description

The 'vote' module (also known as "Polls, Votes") in Bitrix Site Manager contains a flaw that allows a remote, unauthenticated attacker to execute arbitrary code. The attacker sends specially crafted network packets that cause arbitrary files to be written to the vulnerable system. Approximately 160,000 sites are estimated to be susceptible to this issue.

A separate issue exists in the Landing module, also allowing arbitrary code execution. The exploitation flow for the Landing module is complex, and the module has its own versioning, separate from the core module. The vulnerable module additionally allows attackers to redirect users from a legitimate site to malicious resources.

The API endpoint /bitrix/admin/* is highlighted as a potential area of concern, and restricting access to it is recommended.
Recommendations

Update Bitrix Site Manager to a version prior to 21.0.100.
Update Bitrix Site Manager to version 22.0.400 or later.
Update the Landing module to version 23.850.0 or later.
Restrict access to the /bitrix/admin/* API endpoint.
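The affected-version list above is easy to misread when the core and the Landing module are versioned separately, so the following inventory check is added here as an example (it is not part of the advisory or of Bitrix's own tooling). It encodes the ranges exactly as the advisory states them ("prior to" exclusive, "through" inclusive) and reports whether a given pair of installed versions falls inside them. Where the version strings are read from on a given host is left to the operator; the sample inventory at the bottom is constructed for illustration.

```python
"""Inventory check for PT-2022-1778 / CVE-2022-27228.

Added example, not part of the advisory: compares installed Bitrix Site
Manager and Landing module versions against the affected ranges the
advisory lists. Version strings are supplied by the caller; how they are
obtained on a host is an assumption left to the operator.
"""
import re

# Affected ranges as stated in the advisory.
# "prior to" is exclusive; "through" is inclusive on both ends.
CORE_PRIOR_TO = (21, 0, 100)
CORE_RANGE_22 = ((22, 0, 0), (22, 0, 400))
LANDING_PRIOR_TO = (23, 800, 0)


def parse_version(text):
    """Turn '22.0.300' (or '22.0.300-beta') into a comparable 3-tuple of ints.

    Only the numeric dot-separated components are used; missing components
    are padded with 0 so '22.0' compares as (22, 0, 0). Tuple comparison
    gives the component-wise ordering a string comparison would get wrong
    (e.g. '22.0.400' vs '22.0.99').
    """
    parts = [int(p) for p in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple((parts + [0, 0, 0])[:3])


def core_affected(version):
    """True if the Bitrix Site Manager core version is in an affected range."""
    v = parse_version(version)
    return v < CORE_PRIOR_TO or CORE_RANGE_22[0] <= v <= CORE_RANGE_22[1]


def landing_affected(version):
    """True if the Landing module version is in the affected range."""
    return parse_version(version) < LANDING_PRIOR_TO


def assess(core_version, landing_version=None):
    """Return findings for one installation as a dict.

    landing_version is optional because the Landing module is versioned
    separately from the core and may not be installed at all.
    """
    findings = {"core": core_affected(core_version)}
    if landing_version is not None:
        findings["landing"] = landing_affected(landing_version)
    findings["vulnerable"] = any(findings.values())
    return findings


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    inventory = [
        ("web-01.example.invalid", "20.500.0", "23.700.0"),
        ("web-02.example.invalid", "22.0.300", None),
        ("web-03.example.invalid", "22.0.401", "23.850.0"),
    ]
    for host, core, landing in inventory:
        result = assess(core, landing)
        status = "VULNERABLE" if result["vulnerable"] else "ok"
        print(f"{host:24} core={core:10} landing={landing or '-':10} {status}")
```

The check deliberately keeps the 22.x range inclusive of 22.0.400, because that is how the affected-versions list is written; if the vendor's own release notes draw the line differently, adjust CORE_RANGE_22 rather than the comparison logic.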

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2022-01141
CVE-2022-27228

Affected Products

Bitrix
Bitrix Site Manager