Sign-up

ID

VAR-201312-0335


CVE

CVE-2013-7025


TITLE

plural Dell SonicWALL Product Alert Settings Section cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005496

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp. Multiple Dell SonicWALL Products are prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. The following products are vulnerable: Dell SonicWALL Global Management System Dell SonicWALL Analyzer Dell SonicWALL Universal Managemnet Appliance E5000. Dell SonicWALL GMS is a global management system for rapid deployment and centralized management of SonicWALL infrastructure. Dell SonicWALL Analyzer is a set of network analyzer software for SonicWALL infrastructure. A remote, authorized attacker could exploit this vulnerability to inject arbitrary web script or HTML by creating a specially crafted request

Trust: 1.98

sources: NVD: CVE-2013-7025 // JVNDB: JVNDB-2013-005496 // BID: 64103 // VULHUB: VHN-67027

AFFECTED PRODUCTS

vendor:sonicwallmodel:global management systemscope:eqversion:7.1

Trust: 1.6

vendor:sonicwallmodel:uma e5000scope:eqversion:7.0

Trust: 1.6

vendor:sonicwallmodel:analyzerscope:eqversion:7.1

Trust: 1.6

vendor:sonicwallmodel:global management systemscope:eqversion:7.0

Trust: 1.6

vendor:sonicwallmodel:analyzerscope:eqversion:7.0

Trust: 1.6

vendor:sonicwallmodel:uma e5000scope:eqversion:7.1

Trust: 1.6

vendor:dellmodel:sonicwall analyzerscope:eqversion:7.1 sp1 hotfix 134235

Trust: 0.8

vendor:dellmodel:sonicwall analyzerscope:ltversion:7.x

Trust: 0.8

vendor:dellmodel:sonicwall global management systemscope:eqversion:7.1 sp1 hotfix 134235

Trust: 0.8

vendor:dellmodel:sonicwall global management systemscope:ltversion:7.x

Trust: 0.8

vendor:dellmodel:sonicwall universal management appliance e5000scope: - version: -

Trust: 0.8

vendor:dellmodel:sonicwall universal management appliance e5000 softwarescope:eqversion:7.1 sp1 hotfix 134235

Trust: 0.8

vendor:dellmodel:sonicwall universal management appliance e5000 softwarescope:ltversion:7.x

Trust: 0.8

sources: JVNDB: JVNDB-2013-005496 // CNNVD: CNNVD-201312-154 // NVD: CVE-2013-7025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7025
value: LOW

Trust: 1.0

NVD: CVE-2013-7025
value: LOW

Trust: 0.8

CNNVD: CNNVD-201312-154
value: LOW

Trust: 0.6

VULHUB: VHN-67027
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-7025
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-67027
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-67027 // JVNDB: JVNDB-2013-005496 // CNNVD: CNNVD-201312-154 // NVD: CVE-2013-7025

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-67027 // JVNDB: JVNDB-2013-005496 // NVD: CVE-2013-7025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-154

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-154

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005496

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-67027

PATCH
title:Dell SonicWALL GMS Service Bulletin for Cross-Site Scripting Vulnerabilityurl:http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_Hotfix_134235.pdf
Trust: 0.8
title:クロスサイトスクリプティング脆弱性に関する Dell SonicWALL GMS サービス速報url:http://www.sonicwall.com/japan/support/support_notice131209.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005496

EXTERNAL IDS
db:NVDid:CVE-2013-7025
Trust: 2.8
db:BIDid:64103
Trust: 2.0
db:EXPLOIT-DBid:30054
Trust: 1.7
db:SECTRACKid:1029433
Trust: 1.7
db:OSVDBid:100610
Trust: 1.7
db:SECUNIAid:55923
Trust: 1.1
db:JVNDBid:JVNDB-2013-005496
Trust: 0.8
db:CNNVDid:CNNVD-201312-154
Trust: 0.7
db:FULLDISCid:20131205 SONICWALL GMS V7.X - FILTER BYPASS & PERSISTENT VULNERABILITY
Trust: 0.6
db:SEEBUGid:SSVID-83518
Trust: 0.1
db:VULHUBid:VHN-67027
Trust: 0.1
sources:
            
            
            VULHUB: VHN-67027 // 
            
            
            
            BID: 64103 // 
            
            
            
            JVNDB: JVNDB-2013-005496 // 
            
            
            
            CNNVD: CNNVD-201312-154 // 
            
            
            
            NVD: CVE-2013-7025

REFERENCES
url:http://www.vulnerability-lab.com/get_content.php?id=1099
Trust: 2.5
url:http://www.securityfocus.com/bid/64103
Trust: 1.7
url:http://www.sonicwall.com/us/shared/download/support_bulletin_gms_vulnerability_hotfix_134235.pdf
Trust: 1.7
url:http://www.exploit-db.com/exploits/30054
Trust: 1.7
url:http://seclists.org/fulldisclosure/2013/dec/32
Trust: 1.7
url:http://osvdb.org/100610
Trust: 1.7
url:http://www.securitytracker.com/id/1029433
Trust: 1.7
url:http://archives.neohapsis.com/archives/bugtraq/2013-12/0022.html
Trust: 1.1
url:http://secunia.com/advisories/55923
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89462
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7025
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7025
Trust: 0.8
sources:
            
            
            VULHUB: VHN-67027 // 
            
            
            
            JVNDB: JVNDB-2013-005496 // 
            
            
            
            CNNVD: CNNVD-201312-154 // 
            
            
            
            NVD: CVE-2013-7025

CREDITS
Benjamin Kunz Mejri
Trust: 0.3
sources:
            
            
            BID: 64103

SOURCES
db:VULHUBid:VHN-67027
db:BIDid:64103
db:JVNDBid:JVNDB-2013-005496
db:CNNVDid:CNNVD-201312-154
db:NVDid:CVE-2013-7025

LAST UPDATE DATE
2024-11-23T22:23:12.342000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-67027date:2018-03-12T00:00:00
db:BIDid:64103date:2013-12-11T00:47:00
db:JVNDBid:JVNDB-2013-005496date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-154date:2013-12-11T00:00:00
db:NVDid:CVE-2013-7025date:2024-11-21T02:00:11.820

SOURCES RELEASE DATE
db:VULHUBid:VHN-67027date:2013-12-09T00:00:00
db:BIDid:64103date:2013-12-05T00:00:00
db:JVNDBid:JVNDB-2013-005496date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-154date:2013-12-11T00:00:00
db:NVDid:CVE-2013-7025date:2013-12-09T16:36:50.723