Details of VAR-201209-0471

ID

VAR-201209-0471

CVE

CVE-2012-4923

TITLE

Endian Firewall Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-004428

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. (1) dnat.cgi of createrule Parameters (2) dansguardian.cgi of addrule Parameters (3) openvpn_users.cgi of PATH_INFO. Endian Firewall is an open source firewall device. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal cookie-based authentication credentials. Other attacks are also possible. It is being developed by the Italian Endian Srl and the community. Endian is originally based on IPCop, which itself was a fork of Smoothwall. (Copy of the Vendor Website: http://en.wikipedia.org/wiki/Endian_Firewall ) Einfach, schnell und zukunftssicher! Die ideale Lösung, um Ihre Filialen und industriellen Zweigstellen rund um den Globus zu schützen. Endian 4i ist die ideale Lösung für Büroaußenstellen oder Industrieinstallationen. Die Firewall ist in den zwei Varianten „Office“ und „Industrial“ erhältlich. Die Office-Version bietet alle Funktionen, um Netzwerke in der Firma und in Verbindung mit Außenstellen einfach und sicher zu verlinken. Derselbe Funktionsumfang ist bei der Industrial-Version vorhanden, die sich speziell an den Industriebereich richtet und 24V Support bietet sowie auf der Hutschiene installiert werden kann. Remote-Supporting, Remote-Konfiguration, Systemüberwachung bis hin zur einfachen, sicheren Vernetzung von Außenstellen – die Kostenvorteile dabei liegen auf der Hand. Sichern auch Sie sich die Konnektivität Ihres Unternehmens ab, und behalten Sie mit der Endian 4i stets die Nase vorn. (Copy of the Vendor Homepage: http://www.endian.com/de/products/utm-hardware/4i/) Abstract: ========= The Vulnerability Lab Team discovered mutliple non persistent Cross Site Scripting Vulnerabilities on Endians UTM Firewall v2.4.x Application. Report-Timeline: ================ 2011-02-02: Vendor Notification 2012-02-18: Public or Non-Public Disclosure Status: ======== Published Affected Products: ================== Endian Product: UTM Firewall Appliance Application v2.4.x Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Multiple non persistent cross site scripting vulnerabilities are detected on Endian Firewall v2.4.x UTM Appliance Application. The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions with high required user inter action or local low privileged user account. Successful exploitation can result in account steal, phishing & client-side content request manipulation. Vulnerable Module(s): [+] openvpn_users.cgi [+] dnat.cgi#createrule [+] dansguardian.cgi#addrule Picture(s): ../1.png ../2.png ../3.png Proof of Concept: ================= The vulnerabilities can be exploited by local low privileged user accounts or remote attackers with high required user inter action. For demonstration or reproduce ... #1 https://demo.endian.com/cgi-bin/dnat.cgi#createrule [XSS] #2 https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[XSS] #3 https://demo.endian.com/cgi-bin/openvpn_users.cgi ?=[XSS] Risk: ===== The security risk of the cross site scripting vulnerabilities are estimated as medium(-). Credits: ======== Vulnerability Research Laboratory Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. Copyright © 2012|Vulnerability-Lab -- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com

Trust: 2.61

sources: NVD: CVE-2012-4923 // JVNDB: JVNDB-2012-004428 // CNVD: CNVD-2012-5804 // BID: 52076 // VULHUB: VHN-58204 // PACKETSTORM: 109942

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-5804

AFFECTED PRODUCTS

vendor:

endian

model:

firewall

scope:

version:

2.4

Trust: 3.3

sources: CNVD: CNVD-2012-5804 // BID: 52076 // JVNDB: JVNDB-2012-004428 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4923
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4923
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-373
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-58204
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4923
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-58204
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-58204 // JVNDB: JVNDB-2012-004428 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-58204 // JVNDB: JVNDB-2012-004428 // NVD: CVE-2012-4923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-373

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004428

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58204

PATCH

title:

Endian Firewall Community

url:

http://www.endian.com/en/community/

Trust: 0.8

sources: JVNDB: JVNDB-2012-004428

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4923	Trust: 3.4
db:	BID	id:	52076	Trust: 2.0
db:	PACKETSTORM	id:	109942	Trust: 1.8
db:	XF	id:	73330	Trust: 1.2
db:	JVNDB	id:	JVNDB-2012-004428	Trust: 0.8
db:	CNNVD	id:	CNNVD-201202-373	Trust: 0.7
db:	CNVD	id:	CNVD-2012-5804	Trust: 0.6
db:	NSFOCUS	id:	20918	Trust: 0.6
db:	EXPLOIT-DB	id:	36831	Trust: 0.1
db:	EXPLOIT-DB	id:	36833	Trust: 0.1
db:	EXPLOIT-DB	id:	36832	Trust: 0.1
db:	VULHUB	id:	VHN-58204	Trust: 0.1

sources: CNVD: CNVD-2012-5804 // VULHUB: VHN-58204 // BID: 52076 // JVNDB: JVNDB-2012-004428 // PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

REFERENCES

url:	http://www.vulnerability-lab.com/get_content.php?id=436	Trust: 1.8
url:	http://www.securityfocus.com/bid/52076	Trust: 1.7
url:	http://packetstormsecurity.org/files/109942/endian-utm-firewall-2.4.x-cross-site-scripting.html	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/73330	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/73330	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4923	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4923	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/20918	Trust: 0.6
url:	http://www.endian.com/en/products/firewall/appliances/	Trust: 0.3
url:	https://demo.endian.com/cgi-bin/openvpn_users.cgi	Trust: 0.1
url:	https://demo.endian.com/cgi-bin/dansguardian.cgi#addrule[xss]	Trust: 0.1
url:	http://www.endian.com/de/products/utm-hardware/4i/)	Trust: 0.1
url:	http://en.wikipedia.org/wiki/endian_firewall	Trust: 0.1
url:	https://demo.endian.com/cgi-bin/dnat.cgi#createrule	Trust: 0.1

sources: CNVD: CNVD-2012-5804 // VULHUB: VHN-58204 // BID: 52076 // JVNDB: JVNDB-2012-004428 // PACKETSTORM: 109942 // CNNVD: CNNVD-201202-373 // NVD: CVE-2012-4923

CREDITS

Vulnerability Research Laboratory

Trust: 0.9

sources: BID: 52076 // CNNVD: CNNVD-201202-373

SOURCES

db:	CNVD	id:	CNVD-2012-5804
db:	VULHUB	id:	VHN-58204
db:	BID	id:	52076
db:	JVNDB	id:	JVNDB-2012-004428
db:	PACKETSTORM	id:	109942
db:	CNNVD	id:	CNNVD-201202-373
db:	NVD	id:	CVE-2012-4923

LAST UPDATE DATE

2024-08-14T14:41:02.619000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-5804	date:	2012-10-16T00:00:00
db:	VULHUB	id:	VHN-58204	date:	2017-08-29T00:00:00
db:	BID	id:	52076	date:	2015-03-19T07:35:00
db:	JVNDB	id:	JVNDB-2012-004428	date:	2012-09-19T00:00:00
db:	CNNVD	id:	CNNVD-201202-373	date:	2012-02-22T00:00:00
db:	NVD	id:	CVE-2012-4923	date:	2017-08-29T01:32:25.417

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-5804	date:	2012-10-16T00:00:00
db:	VULHUB	id:	VHN-58204	date:	2012-09-15T00:00:00
db:	BID	id:	52076	date:	2012-02-18T00:00:00
db:	JVNDB	id:	JVNDB-2012-004428	date:	2012-09-19T00:00:00
db:	PACKETSTORM	id:	109942	date:	2012-02-18T16:27:09
db:	CNNVD	id:	CNNVD-201202-373	date:	1900-01-01T00:00:00
db:	NVD	id:	CVE-2012-4923	date:	2012-09-15T17:55:07.223