Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting

2012-06-11 / 2012-06-13
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Inshell Security Advisory http://www.inshell.net/ 1. ADVISORY INFORMATION ----------------------- Product: Astaro Security Gateway Vendor URL: www.astaro.com / www.sophos.com Type: Cross-site Scripting [CWE-79] Date found: 2012-05-11 Date published: 2012-06-10 CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE: CVE-2012-3238 2. CREDITS ---------- This vulnerability was discovered and researched by Julien Ahrens from Inshell Security. 3. VERSIONS AFFECTED -------------------- Astaro Security Gateway v8.304, older versions are affected too. 4. VULNERABILITY DESCRIPTION ---------------------------- A Persistent Cross-Site Scripting Vulnerability has been found on the Astaro Security Gateway product. The vulnerability is located in the backup-function of the software: Vulnerable Module(s): +Management -> Backup/Restore Parameter: "Comment (optional)" The input field "Comment (optional)" is shown on the "Available backups" view after successful creation of a new backup and is also included into the backup-file itself. Due to improper input - validation of this input field, an attacker could permanently inject arbitrary code with required user interaction into the context of the firewall-interface. Successful exploitation of the vulnerability allows for example cookie theft, session hijacking or server side context manipulation. 5. PROOF-OF-CONCEPT (CODE / EXPLOIT) ------------------------------------ An attacker needs to force the victim to import an arbitrary backup-file. The victim does not need to apply the backup, only the import is required to exploit the vulnerability. For further information (screenshots, PoCs etc.) visit: http://security.inshell.net/advisory/27 6. SOLUTION ----------- Update to v8.305. 7. REPORT TIMELINE ------------------ 2012-05-12: Initial notification sent to vendor 2012-05-12: Vendor response 2012-05-12: Vulnerability details reported to vendor 2012-05-15: Vendor acknowledgement 2012-05-31: Vendor releases Update / Fix 2012-06-10: Coordinated public release of advisory 8. REFERENCES ------------- http://www.astaro.com/en-uk/blog/up2date/8305 http://security.inshell.net

References:

http://www.astaro.com/en-uk/blog/up2date/8305
http://security.inshell.net


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top