Vulnerability CVE-2013-5210


Published: 2013-12-29   Modified: 2013-12-30

Description:
Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Adtran Netvanta 7100 Bypass / XSS / Injection
J. Oquendo
19.09.2013

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Adtran
Product: AOS 
Version: 10.8.0;
Product: Netvanta 7060 
Product: Netvanta 7100 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf
https://supportforums.adtran.com/docs/DOC-6414

Related CVE
CVE-2005-4565
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated...
CVE-2005-4566
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKE...
CVE-2005-4564
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2000-0292
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.

Copyright 2018, cxsecurity.com

 

Back to Top