Exploitalert - Database of Exploits

DELL SonicWALL Universal Management Suite 7.1 Cross Site Scripting

CVE	Category	Price	Severity
CVE-2021-2009	CWE-79	$5,000	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2014-02-13

CPE
cpe:cpe:/a:dell:sonicwall_universal_management_suite:7.1

CVSS	EPSS	EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	0.02192	0.50148

CVSS vector description

Metric	Value	Metric Description	Value Description
Attack vector	Network	AV	The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity	Low	AC	The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required	None	PR	The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
Scope	Unchanged	S	An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality	Low	C	There is some impact on confidentiality, but the attacker either does not gain control of any data, or the information obtained does not have a significant impact on the system or its operations.
Integrity	None	I	There is no impact on the integrity of the system; the attacker does not gain the ability to modify any files or information on the target system.
Availability	None	A	There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.

http://cxsecurity.com/ascii/WLB-2014020108

I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerabilities in DELL SonicWALL Universal Management Suite v7.1 II. BACKGROUND ------------------------- Dell(R) SonicWALL(R) provides intelligent network security and data protection solutions that enable customers and partners to dynamically secure, control, and scale their global networks. III. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in DELL SonicWALL Universal Management Suite. The code injection is done through the parameter "node_id " in the page "/sgms/mainPage?page=genNetwork&screenid=1002&manager=ScreenDisplayManager&level=1&node_id" IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter "node_id" correctly. https://ip_gms/sgms/mainPage?page=genNetwork&screenid=1002&manager=ScreenDisplayManager&level=1&node_id=aaaaa"><script>alert(document.cookie);</script>&screenid=1002&unused=&help_url=&node_name=Instance View&unitType=1&searchBySonicwall=0 V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, , that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser allowing Cookie Theft/Session Hijacking, thus enabling full access the box. VI. SYSTEMS AFFECTED ------------------------- Tested DELL SonicWALL Universal Management Suite v7.1 DEMO ONLINE VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated VII. REFERENCES ------------------------- http://www.kb.cert.org/vuls/id/727318 http://www.sonicwall.com/us/shared/download/Support_Bulletin_GMS_Vulnerability_XSS_Resolved_in_7.1_SP2_and_7.2.pdf By William Costa [email protected]

Impressum