0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
Tittle: Cisco IronPort Security Management Appliance - Multiple issues
Risk: Medium
Date: 20.May.2013
Author: Pedro Andujar
Twitter: @pandujar
.: [ INTRO ] :.
The Cisco Security Management Appliance helps to enable flexible management and comprehensive security control
at the network gateway. Is a central platform for managing all policy, reporting, and auditing information
for Cisco web and email security appliances.
.: [ TECHNICAL DESCRIPTION ] :.
Cisco IronPort Security Management Appliance M170 v7.9.1-030 (and probably other products), are prone to several security issues
as described below;
.: [ ISSUE #1 }:.
Name: Reflected Cross Site Scripting
Severity: Low
CVE: CVE-2013-3396
There is a lack of output escaping in the default error 500 page. When a exception occurs in the application, the error
description contains user unvalidated input from the request:
** PoC removed as requested by Cisco. **
.: [ ISSUE #2 }:.
Name: Stored Cross Site Scripting
Severity: Medium
Due to a lack of input validation on job_name, job_type, appliances_options and config_master parameters which are then
printed unscapped on job_name, old_job_name, job_type, appliance_lists and config_master fields.
** PoC removed as requested by Cisco. **
.: [ ISSUE #3 }:.
Name: CSRF Token is not used
Severity: Low
CVE: CVE-2013-3395
CSRFKey is not used in some areas of the application, which make even easier to exploit Reflected XSS Issues. In the /report area
of the application, we got no error even when completely removing the parameter CSRFKey;
** PoC removed as requested by Cisco. **
See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844
.: [ ISSUE #4 }:.
Name: Lack of password obfuscation
Severity: Low
When exporting the configuration file even if you mark the "mask password" option, the SNMPv3 password still appears in cleartext.
.: [ CHANGELOG ] :.
* 20/May/2013: - Vulnerability found.
* 27/May/2013: - Vendor contacted.
* 11/Jul/2013: - Public Disclosure
.: [ SOLUTIONS ] :.
Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process.
Stored XSS
CSCuh24755
Reflected XSS
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396
SNMP password issue
CSCuh27268, CSCuh70314
CSRF
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395
# 0day.today [2024-11-16] #