ID

VAR-201209-0471


CVE

CVE-2012-4923


TITLE

Endian Firewall Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-004428

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. (1) dnat.cgi of createrule Parameters (2) dansguardian.cgi of addrule Parameters (3) openvpn_users.cgi of PATH_INFO. Endian Firewall is an open source firewall device. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. It is being developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which itself was a fork of Smoothwall. (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Endian_Firewall ) Einfach, schnell und zukunftssicher! Die ideale Lösung, um Ihre Filialen und industriellen Zweigstellen rund um den Globus zu schützen. Endian 4i ist die ideale Lösung für Büroaußenstellen oder Industrieinstallationen. Die Firewall ist in den zwei Varianten „Office“ und „Industrial“ erhältlich. Die Office-Version bietet alle Funktionen, um Netzwerke in der Firma und in Verbindung mit Außenstellen einfach und sicher zu verlinken. Derselbe Funktionsumfang ist bei der Industrial-Version vorhanden, die sich speziell an den Industriebereich richtet und 24V Support bietet sowie auf der Hutschiene installiert werden kann. Remote-Supporting, Remote-Konfiguration, Systemüberwachung bis hin zur einfachen, sicheren Vernetzung von Außenstellen – die Kostenvorteile dabei liegen auf der Hand. Sichern auch Sie sich die Konnektivität Ihres Unternehmens ab, und behalten Sie mit der Endian 4i stets die Nase vorn. (Copy of the Vendor Homepage: http://www.endian.com/de/products/utm-hardware/4i/) Abstract: ========= The Vulnerability Lab Team discovered mutliple non persistent Cross Site Scripting Vulnerabilities on Endians UTM Firewall v2.4.x Application. Report-Timeline: ================ 2011-02-02: Vendor Notification 2012-02-18: Public or Non-Public Disclosure Status: ======== Published Affected Products: ================== Endian Product: UTM Firewall Appliance Application v2.4.x Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Multiple non persistent cross site scripting vulnerabilities are detected on Endian Firewall v2.4.x UTM Appliance Application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing & client-side content request manipulation. Vulnerable Module(s): [+] openvpn_users.cgi [+] dnat.cgi#createrule [+] dansguardian.cgi#addrule Picture(s): ../1.png ../2.png ../3.png Proof of Concept: ================= The vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user inter action. For demonstration or reproduce ... #1 https://demo.endian.com/cgi-bin/dnat.cgi#createrule [XSS] #2 https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[XSS] #3 https://demo.endian.com/cgi-bin/openvpn_users.cgi ?=[XSS] Risk: ===== The security risk of the cross site scripting vulnerabilities are estimated as medium(-). Credits: ======== Vulnerability Research Laboratory Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. Copyright © 2012|Vulnerability-Lab -- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com

Trust: 2.61

sources: NVD: CVE-2012-4923 // JVNDB: JVNDB-2012-004428 // CNVD: CNVD-2012-5804 // BID: 52076 // VULHUB: VHN-58204 // PACKETSTORM: 109942

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-5804

AFFECTED PRODUCTS

vendor:endianmodel:firewallscope:eqversion:2.4

Trust: 3.3

sources: CNVD: CNVD-2012-5804 // BID: 52076 // JVNDB: JVNDB-2012-004428 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4923
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4923
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-373
value: MEDIUM

Trust: 0.6

VULHUB: VHN-58204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4923
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58204
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58204 // JVNDB: JVNDB-2012-004428 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-58204 // JVNDB: JVNDB-2012-004428 // NVD: CVE-2012-4923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-373

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004428

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58204

PATCH

title:Endian Firewall Communityurl:http://www.endian.com/en/community/

Trust: 0.8

sources: JVNDB: JVNDB-2012-004428

EXTERNAL IDS

db:NVDid:CVE-2012-4923

Trust: 3.4

db:BIDid:52076

Trust: 2.0

db:PACKETSTORMid:109942

Trust: 1.8

db:XFid:73330

Trust: 1.2

db:JVNDBid:JVNDB-2012-004428

Trust: 0.8

db:CNNVDid:CNNVD-201202-373

Trust: 0.7

db:CNVDid:CNVD-2012-5804

Trust: 0.6

db:NSFOCUSid:20918

Trust: 0.6

db:EXPLOIT-DBid:36831

Trust: 0.1

db:EXPLOIT-DBid:36833

Trust: 0.1

db:EXPLOIT-DBid:36832

Trust: 0.1

db:VULHUBid:VHN-58204

Trust: 0.1

sources: CNVD: CNVD-2012-5804 // VULHUB: VHN-58204 // BID: 52076 // JVNDB: JVNDB-2012-004428 // PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

REFERENCES

url:http://www.vulnerability-lab.com/get_content.php?id=436

Trust: 1.8

url:http://www.securityfocus.com/bid/52076

Trust: 1.7

url:http://packetstormsecurity.org/files/109942/endian-utm-firewall-2.4.x-cross-site-scripting.html

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/73330

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/73330

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4923

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4923

Trust: 0.8

url:http://www.nsfocus.net/vulndb/20918

Trust: 0.6

url:http://www.endian.com/en/products/firewall/appliances/

Trust: 0.3

url:https://demo.endian.com/cgi-bin/openvpn_users.cgi

Trust: 0.1

url:https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[xss]

Trust: 0.1

url:http://www.endian.com/de/products/utm-hardware/4i/)

Trust: 0.1

url:http://en.wikipedia.org/wiki/endian_firewall

Trust: 0.1

url:https://demo.endian.com/cgi-bin/dnat.cgi#createrule

Trust: 0.1

sources: CNVD: CNVD-2012-5804 // VULHUB: VHN-58204 // BID: 52076 // JVNDB: JVNDB-2012-004428 // PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

CREDITS

Vulnerability Research Laboratory

Trust: 0.9

sources: BID: 52076 // CNNVD: CNNVD-201202-373

SOURCES

db:CNVDid:CNVD-2012-5804
db:VULHUBid:VHN-58204
db:BIDid:52076
db:JVNDBid:JVNDB-2012-004428
db:PACKETSTORMid:109942
db:CNNVDid:CNNVD-201202-373
db:NVDid:CVE-2012-4923

LAST UPDATE DATE

2024-08-14T14:41:02.619000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-5804date:2012-10-16T00:00:00
db:VULHUBid:VHN-58204date:2017-08-29T00:00:00
db:BIDid:52076date:2015-03-19T07:35:00
db:JVNDBid:JVNDB-2012-004428date:2012-09-19T00:00:00
db:CNNVDid:CNNVD-201202-373date:2012-02-22T00:00:00
db:NVDid:CVE-2012-4923date:2017-08-29T01:32:25.417

SOURCES RELEASE DATE

db:CNVDid:CNVD-2012-5804date:2012-10-16T00:00:00
db:VULHUBid:VHN-58204date:2012-09-15T00:00:00
db:BIDid:52076date:2012-02-18T00:00:00
db:JVNDBid:JVNDB-2012-004428date:2012-09-19T00:00:00
db:PACKETSTORMid:109942date:2012-02-18T16:27:09
db:CNNVDid:CNNVD-201202-373date:1900-01-01T00:00:00
db:NVDid:CVE-2012-4923date:2012-09-15T17:55:07.223