Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

AudioCode 400HD Cross Site scripting

🗓️ 12 Jan 2019 00:00:00Reported by A. BaubeType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 168 Views

AudioCode 400HD IP Phone XSS Vulnerabilit

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Code
ReporterTitlePublishedViews
Family
0day.today		AudioCode 400HD Cross Site scripting Vulnerability
12 Jan 201900:00
zdt
Cvelist		CVE-2018-10091
17 Mar 201917:00
cvelist
NVD		CVE-2018-10091
21 Mar 201916:00
nvd
Prion		Cross site scripting
21 Mar 201916:00
prion
CVE		CVE-2018-10091
21 Mar 201916:00
cve
`# [CVE-2018-10091] Stored XSS vulnerabilities in AudioCode IP phones  
  
## Description  
  
The AudioCodes 400HD series of IP phones is a range of easy-to-use,  
feature-rich desktop devices for the service provider hosted services,  
enterprise IP telephony and contact center markets.  
  
Most of user inputs in the CGI interface are not protected against XSS  
injections.  
  
Theses vulnerabilities have only been tested on the 420HD phone.  
  
## Vulnerability records  
  
**CVE ID**: CVE-2018-10091  
  
**Access Vector**: remote  
  
**Security Risk**: medium  
  
**Vulnerability**: CWE-79  
  
**CVSS Base Score**: 5.5  
  
**CVSS Vector String**:  
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:H/RC:C  
  
  
## Details  
  
The script `mainform.cgi` is vulnerable to multiple stored XSS  
vulnerabilities.  
  
For example, it is possible to add the following string :  
  
```html  
<script>alert("XSS")</script>  
```  
  
within any field (`Name`, `Office`, `Home` or `Mobile`) on the  
`Directory` page (used to add contacts). This will trigger JavaScript  
code execution in the browser.  
  
The payload gets stored and remains active in the page.  
  
All forms on the web application, where the user input is printed on the  
page, seem to be vulnerable.  
  
Note that the vulnerable page is only available to authenticated users  
(in possession of the admin configuration password).  
  
  
## Timeline (dd/mm/yyyy)  
  
* 06/03/2018 : Initial discovery  
* 17/04/2018 : Vendor contact  
* 17/05/2018 : Vendor technical team aknowledgment  
* 15/08/2018 : Vendor submit a private 2.2.16.128 pre-release that,  
according to our test, did not mitigate the issue.  
* 10/01/2019 : Public disclosure  
  
## Fixes  
  
AudioCodes allegedly fixed the issue in version 2.2.16.128.  
  
## Affected versions  
  
Theses vulnerabilities have only been tested on the 420HD phone  
(firmware version: 2.2.12.126).  
  
## Credits  
  
a.baube at sysdream dot com  
  
  
--   
SYSDREAM Labs <[email protected]>  
  
GPG :  
47D1 E124 C43E F992 2A2E  
1551 8EB4 8CD9 D5B2 59A1  
  
* Website: https://sysdream.com/  
* Twitter: @sysdream  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
12 Jan 2019 00:00Current
5.2Medium risk
Vulners AI Score5.2
EPSS0.00229
audiocode 400hdip phonesxss vulnerabilitystored xsscgi interfacecve-2018-10091remote access vectormedium security riskcwe-79cvss base score 5.5javascript code executionvendor fixfirmware version 2.2.12.126sysdream labs
168
.json
Report