
Cisco Ironport Cross Site Request Forgery / Cross Site Scripting

Published: 27 Aug 2013 00:00:00
Reported by: Pedro Andujar
Type: zdt
Source: 0day.today

Cisco IronPort Security Management Appliance - Multiple security issues including Cross Site Request Forgery and Cross Site Scripting

Related

Family  | Title                                                                    | Published
Cisco   | Cisco Content Filtering Devices Cross-Site Request Forgery Vulnerability | 1 Jul 2013 12:44
CVE     | CVE-2013-3395                                                            | 2 Jul 2013 01:00
CVE     | CVE-2013-3396                                                            | 26 Jun 2013 21:00
Cvelist | CVE-2013-3395                                                            | 2 Jul 2013 01:00
Cvelist | CVE-2013-3396                                                            | 26 Jun 2013 21:00
EUVD    | EUVD-2013-3330                                                           | 7 Oct 2025 00:30
EUVD    | EUVD-2013-3331                                                           | 7 Oct 2025 00:30
NVD     | CVE-2013-3395                                                            | 2 Jul 2013 03:43
NVD     | CVE-2013-3396                                                            | 26 Jun 2013 21:55
OpenVAS | Cisco Content Security Management Appliance XSS and CSRF Vulnerabilities | 4 Sep 2013 00:00

  Title:   Cisco IronPort Security Management Appliance - Multiple issues
    Risk:   Medium
    Date:   20.May.2013
  Author:   Pedro Andujar
 Twitter:   @pandujar

              
.: [ INTRO ] :.


The Cisco Security Management Appliance helps to enable flexible management and comprehensive security control 
at the network gateway. It is a central platform for managing all policy, reporting, and auditing information 
for Cisco web and email security appliances.


.: [ TECHNICAL DESCRIPTION ] :.

Cisco IronPort Security Management Appliance M170 v7.9.1-030 (and probably other products) is prone to several security issues, 
as described below:


.: [ ISSUE #1 ] :.

Name: Reflected Cross Site Scripting
Severity: Low 
CVE: CVE-2013-3396

The default error 500 page does not escape its output. When an exception occurs in the application, the error
description contains unvalidated user input from the request:

** PoC removed as requested by Cisco. **


.: [ ISSUE #2 ] :.

Name: Stored Cross Site Scripting
Severity: Medium

Input is not validated on the job_name, job_type, appliances_options and config_master parameters, which are then 
printed unescaped in the job_name, old_job_name, job_type, appliance_lists and config_master fields.


** PoC removed as requested by Cisco. **


.: [ ISSUE #3 ] :.

Name: CSRF Token is not used
Severity: Low
CVE: CVE-2013-3395

CSRFKey is not used in some areas of the application, which makes it even easier to exploit Reflected XSS issues. In the /report area 
of the application, we got no error even when completely removing the CSRFKey parameter:

** PoC removed as requested by Cisco. **

See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844
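
Added example (not part of the original advisory and not Cisco's code): one common way a token check ends up accepting a request with no CSRFKey at all, next to a fail-closed version and a regression check that lists routes answering such a request. All names (Session, key_ok_lenient, key_ok_strict, handle_request, ROUTES) and the route table are hypothetical; the advisory does not describe how the appliance implements the check.

```python
import hmac
import secrets

# All names here (Session, key_ok_*, handle_request, ROUTES) are hypothetical.

class Session:
    def __init__(self):
        self.csrf_key = secrets.token_hex(16)  # per-session key, kept server-side

def key_ok_lenient(session, params):
    """Flawed pattern: compares only when CSRFKey is present (fails open)."""
    supplied = params.get("CSRFKey")
    if supplied is None:
        return True
    return hmac.compare_digest(supplied.encode(), session.csrf_key.encode())

def key_ok_strict(session, params):
    """Fail-closed: missing, empty or non-string keys are rejected."""
    supplied = params.get("CSRFKey")
    if not isinstance(supplied, str) or not supplied:
        return False
    # Constant-time comparison avoids leaking how much of the key matched.
    return hmac.compare_digest(supplied.encode(), session.csrf_key.encode())

def handle_request(session, params, check):
    """Return the HTTP status a handler guarded by `check` would send."""
    return 200 if check(session, params) else 403

# Constructed route table: which check guards which area.
ROUTES = {"/report": key_ok_lenient, "/config": key_ok_strict}

def routes_accepting_missing_key(routes):
    """Regression check: routes that do not answer 403 when CSRFKey is absent."""
    session = Session()
    return sorted(path for path, check in routes.items()
                  if handle_request(session, {}, check) != 403)

if __name__ == "__main__":
    print(routes_accepting_missing_key(ROUTES))
```
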

.: [ ISSUE #4 ] :.

Name: Lack of password obfuscation
Severity: Low

When exporting the configuration file, the SNMPv3 password still appears in cleartext even if you mark the "mask password" option.


.: [ CHANGELOG ] :.

  * 20/May/2013:   - Vulnerability found.
  * 27/May/2013:   - Vendor contacted.
  * 11/Jul/2013:   - Public Disclosure


.: [ SOLUTIONS ] :.

Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process.

Stored XSS
CSCuh24755

Reflected XSS
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396

SNMP password issue
CSCuh27268, CSCuh70314

CSRF
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395

#  0day.today [2018-04-13]  #
