Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormGiovanni DelvecchioPACKETSTORM:123911
HistoryNov 05, 2013 - 12:00 a.m.

Cisco MARS Cross Site Scripting

2013-11-0500:00:00
Giovanni Delvecchio
packetstormsecurity.com
31

0.002 Low

EPSS

Percentile

52.2%

JSON
`Vulnerability Type: Cross-Site Scripting  
  
CVE: CVE-2013-5563  
  
Products and affected versions:  
Cisco Security Monitoring, Analysis and Response System (CS-MARS) - All versions  
  
Vendor Website:  
http://www.cisco.com/en/US/products/ps6241/  
  
Cisco Advisory:  
https://tools.cisco.com/bugsearch/bug/CSCul16173  
  
  
=================  
Vulnerability Details  
=================  
  
A Cross Site Scripting vulnerability has been found in Cisco Security Monitoring, Analysis and Response System. The issue is due to the input passed via several fields (eg: isnowLatency) to the /Query/NewQueryResult.jsp page are not properly sanitised before being returned to the user. Other pages could be affected by this issue.  
  
This could exploited to inject arbitrary javascript in the context of an affected user in order to perform some actions when a logged-in user visits a specially crafted web page. For example to manipulate a client session, to execute administrative task, to impersonate a legitimate user in order to view or alter user data, or to perform transactions as that user.  
  
The vulnerability has been tested on Cisco Mars version. Other versions result affected by this vulnerability.  
  
  
=================  
Proof Of Concepts  
=================  
  
PoC-1: Test XSS:  
  
https://cisco_Mars_Site/Query/NewQueryResult.jsp?QueryIndex=0&isLowLatency=no"><script>alert("Vulnerable")</script>  
  
  
  
=========  
Solutions  
=========  
  
As CS-MARS reached the End of Software Maintenance milestone on April 11th, 2009, Cisco will not be releasing software or patches that mitigate the reported cross-site scripting vulnerability.  
  
More information available at:  
http://www.cisco.com/en/US/products/ps6241/prod_eol_notices_list.html  
  
  
  
================  
Other References  
================  
  
Cisco:  
https://tools.cisco.com/bugsearch/bug/CSCul16173  
  
SmartNet:  
http://research.smartnetsecurity.net/advisory/-smt-sa-2013-02-cisco-mars-cross-site-scripting-vulnerability  
  
  
==============  
Credits/Author  
==============  
  
Giovanni Delvecchio  
SmartNet s.r.l.  
  
  
==========  
Disclaimer  
==========  
All information is provided without warranty. The intent is to  
provide information to secure infrastructure and/or systems, not  
o be able to attack or damage. Therefore SmartNet s.r.l shall  
not be liable for any direct or indirect damages that might be  
caused by using this information.  
`

Related

prion 1
securityvulns 2
cve 1
prion
prion
Cross site scripting
2013-11-06 15:55:00
securityvulns
securityvulns
Cisco Security Monitoring, Analysis and Response System crossite scripting
2013-12-09 00:00:00
Cisco Mars Cross-Site Scripting Vulnerability - CVE-2013-5563
2013-12-09 00:00:00
cve
cve
CVE-2013-5563
2013-11-06 15:55:00

0.002 Low

EPSS

Percentile

52.2%

JSON
Related for PACKETSTORM:123911
prion1securityvulns2cve1