ID

VAR-200609-0397


CVE

CVE-2006-4909


TITLE

Cisco Guard DDoS Mitigation Appliance Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2006-001290

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.

Cisco Guard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

When anti-spoofing is enabled, a remote attacker can inject arbitrary web script or HTML via certain character sequences in a URL that are not properly processed when the device sends a meta-refresh.

The vulnerability is caused by insufficient filtering of a meta-refresh before it is returned to a user. If Cisco Guard is running in active basic protection, going through basic/redirect protection, this can be exploited to execute HTML and script code in a user's browser session, e.g. by tricking a user into following a specially crafted URL.

The vulnerability affects the following products:
- Cisco Guard Appliance version 3.X
- Cisco Guard Blade version 4.X
- Cisco Guard Appliance versions 5.0(3) and 5.1(5)

SOLUTION: Update to version 5.1(6) or later.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml

Trust: 2.07

sources: NVD: CVE-2006-4909 // JVNDB: JVNDB-2006-001290 // BID: 20122 // VULHUB: VHN-21017 // PACKETSTORM: 50203

AFFECTED PRODUCTS

vendor: cisco, model: guard ddos mitigation appliance, scope: lte, version: 5.1\(5\)

Trust: 1.0

vendor: cisco, model: guard ddos mitigation appliance, scope: lt, version: 5.1(6)

Trust: 0.8

vendor: cisco, model: guard ddos mitigation appliance, scope: eq, version: 5.1\(5\)

Trust: 0.6

vendor: cisco, model: guard, scope: eq, version: 3.1(0)

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 3.08.12

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 3.08

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 5.1(5)

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 5.0(3)

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 5.0(1)

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 4.0

Trust: 0.3

vendor: cisco, model: guard, scope: eq, version: 3.1(0.12)

Trust: 0.3

vendor: cisco, model: anomaly guard module, scope: eq, version: 5.0(3)

Trust: 0.3

vendor: cisco, model: anomaly guard module, scope: eq, version: 5.0(1)

Trust: 0.3

vendor: cisco, model: guard, scope: ne, version: 5.1(6)

Trust: 0.3

sources: BID: 20122 // JVNDB: JVNDB-2006-001290 // CNNVD: CNNVD-200609-372 // NVD: CVE-2006-4909

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4909
value: LOW

Trust: 1.0

NVD: CVE-2006-4909
value: LOW

Trust: 0.8

CNNVD: CNNVD-200609-372
value: LOW

Trust: 0.6

VULHUB: VHN-21017
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2006-4909
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21017
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21017 // JVNDB: JVNDB-2006-001290 // CNNVD: CNNVD-200609-372 // NVD: CVE-2006-4909

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4909

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-372

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 50203 // CNNVD: CNNVD-200609-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001290

PATCH

title: cisco-sa-20060920-guardxss, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060920-guardxss

Trust: 0.8

sources: JVNDB: JVNDB-2006-001290

EXTERNAL IDS

db: NVD, id: CVE-2006-4909

Trust: 2.5

db: BID, id: 20122

Trust: 2.0

db: SECUNIA, id: 21962

Trust: 1.8

db: VUPEN, id: ADV-2006-3720

Trust: 1.7

db: OSVDB, id: 29035

Trust: 1.7

db: SECTRACK, id: 1016890

Trust: 1.7

db: JVNDB, id: JVNDB-2006-001290

Trust: 0.8

db: CNNVD, id: CNNVD-200609-372

Trust: 0.7

db: CISCO, id: 20060920 CISCO SECURITY ADVISORY: CISCO GUARD ENABLES CROSS SITE SCRIPTING

Trust: 0.6

db: XF, id: 29057

Trust: 0.6

db: VULHUB, id: VHN-21017

Trust: 0.1

db: PACKETSTORM, id: 50203

Trust: 0.1

sources: VULHUB: VHN-21017 // BID: 20122 // JVNDB: JVNDB-2006-001290 // PACKETSTORM: 50203 // CNNVD: CNNVD-200609-372 // NVD: CVE-2006-4909

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml

Trust: 2.1

url:http://www.securityfocus.com/bid/20122

Trust: 1.7

url:http://www.osvdb.org/29035

Trust: 1.7

url:http://securitytracker.com/id?1016890

Trust: 1.7

url:http://secunia.com/advisories/21962

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3720

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29057

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4909

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4909

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29057

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3720

Trust: 0.6

url:http://www.cisco.com/en/us/products/ps5888/products_configuration_guide_chapter09186a00804b7d13.html#wp1135548

Trust: 0.3

url:http://www.cisco.com/en/us/products/ps5888/

Trust: 0.3

url:/archive/1/446489

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/8097/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/4387/

Trust: 0.1

url:http://secunia.com/advisories/21962/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/product/8096/

Trust: 0.1

sources: VULHUB: VHN-21017 // BID: 20122 // JVNDB: JVNDB-2006-001290 // PACKETSTORM: 50203 // CNNVD: CNNVD-200609-372 // NVD: CVE-2006-4909

CREDITS

The vendor disclosed this issue.

Trust: 0.9

sources: BID: 20122 // CNNVD: CNNVD-200609-372

SOURCES

db: VULHUB, id: VHN-21017
db: BID, id: 20122
db: JVNDB, id: JVNDB-2006-001290
db: PACKETSTORM, id: 50203
db: CNNVD, id: CNNVD-200609-372
db: NVD, id: CVE-2006-4909

LAST UPDATE DATE

2024-08-14T15:40:43.831000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-21017, date: 2017-07-20T00:00:00
db: BID, id: 20122, date: 2006-09-21T17:56:00
db: JVNDB, id: JVNDB-2006-001290, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200609-372, date: 2006-09-28T00:00:00
db: NVD, id: CVE-2006-4909, date: 2017-07-20T01:33:23.447

SOURCES RELEASE DATE

db: VULHUB, id: VHN-21017, date: 2006-09-21T00:00:00
db: BID, id: 20122, date: 2006-09-20T00:00:00
db: JVNDB, id: JVNDB-2006-001290, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 50203, date: 2006-09-21T23:56:25
db: CNNVD, id: CNNVD-200609-372, date: 2006-09-20T00:00:00
db: NVD, id: CVE-2006-4909, date: 2006-09-21T00:07:00