Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
BID:68829
Info
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
| Bugtraq ID: | 68829 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-5024 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2014 12:00AM |
| Updated: | Jul 22 2014 12:00AM |
| Credit: | William Costa |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
Multiple Dell SonicWALL Products are prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are vulnerable:
Dell SonicWALL Global Management System
Dell SonicWALL Analyzer
Dell SonicWALL Universal Managemnet Appliance
Multiple Dell SonicWALL Products are prone to a cross-site scripting vulnerability.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The following products are vulnerable:
Dell SonicWALL Global Management System
Dell SonicWALL Analyzer
Dell SonicWALL Universal Managemnet Appliance
Exploit / POC
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
The following example URI is available:
http://www.example.com:8443/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=aaaaaaa&apos;</script><body onload=alert(document.cookie)>&panelidz=0,4#tabs-4
To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.
The following example URI is available:
http://www.example.com:8443/sgms/panelManager?level=1&typeOfUnits=2&node_name=GlobalView&node_id=aaaaaaa&apos;</script><body onload=alert(document.cookie)>&panelidz=0,4#tabs-4
Solution / Fix
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Multiple Dell SonicWALL Products 'node_id' parameter Cross Site Scripting Vulnerability
References:
References: