Share
## https://sploitus.com/exploit?id=97818DD3-63AB-56D2-B60D-C3D527539DEB
# CVE-2022-37298: RCE in Shinken Monitoring 

**Versions affected:** 2.4.3  
**Disclosure link:** https://github.com/naparuba/shinken/commit/2dae40fd1e713aec9e1966a0ab7a580b9180cff2  
**CVE link:** https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37298  
  
## Description

The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme (actually no authentication at all) when unserializing objects passed from legitimate monitoring nodes to the Shinken server. A remote attacker can craft and send a pickle object instantiating an internal, implicitly trusted Shinken object; some of which can be leveraged to execute arbitrary code on the monitoring server itself.

### Usage
`python CVE-2022-37298.py` 

![poc](https://user-images.githubusercontent.com/12803470/199597211-e142b785-d457-4d06-8a26-3603ab014b09.gif)