lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201401230753.s0N7rIak023957@sf01web1.securityfocus.com>
Date: Thu, 23 Jan 2014 07:53:18 GMT
From: tudor.enache@...pag.com
To: bugtraq@...urityfocus.com
Subject: Reflected cross-site scripting (XSS) vulnerability in Mediatrix
 Web Management Interface login page

Advisory ID: hag201476
Product: Mediatrix Web Management Interface
Vendor: Media5 Corporation
Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior
Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186
Advisory Publication: January 23, 2014 
Vendor Notification: November 13, 2013 
Public Disclosure:  January 23, 2014 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1612
Risk Level: Medium 
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Help AG Middle East

------------------------------------------------------------------------

-----------------------

about the vendor:
Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications.
 Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace.


Advisory Details:

During a Pentest Help AG discovered the following:
Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface, found in the login page, allows remote attackers to inject arbitrary web scripts or HTML via the vulnerable parameter “username” 

1) Cross-Site Scripting (XSS) in Mediatrix Web Management Interface: CVE-2014-1612

As proof of concept, one needs to access the following URL on a Mediatrix Web Interface: http://<<MediatrixWebInterfaceIP/Host>>/login.esp?r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E 

Hackers could craft malicious URLs and send them to system admins to try to gain access to the administrative interface of the Mediatrix Device. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page.

------------------------------------------------------------------------

-----------------------

Solution:

The vendor was notified, contact the vendor for the patch details

------------------------------------------------------------------------

-----------------------

References:

[1] help AG middle East http://www.helpag.com/.
[2] Media5 Corporation http://www.mediatrix.com/en/company 
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.

------------------------------------------------------------------------

-----------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ