Initial Publication Date: 1 Oct 2010
Advisory Status: Closed
Advisory Severity: High
CVSS Base Score: CVSS v2: 9.3
Legacy ID: SA47
A remote attacker is able to use script to execute CLI commands on the ProxySG as the administrator.
All versions of ProxySG prior to 6.1 are vulnerable.
ProxySG 6.1 - a fix is available in 18.104.22.168 or later.
ProxySG 5.5 - a fix is available in 22.214.171.124.
ProxySG 5.4 - a fix is available in 126.96.36.199.
ProxySG 5.3 - please upgrade to a later release.
ProxySG 4.3 - a fix is available in SGOS 188.8.131.52.
For information on how to upgrade SGOS, please see KB3608.
ProxySG is vulnerable to reflected (non-persistent) cross-site scripting attacks. User-provided data is not validated or sanitized prior to including it in the HTML page returned to the user. A remote attacker can exploit this vulnerability to inject script that will execute CLI commands as the administrator. The remote attacker must execute the script within the administrator's browser while the administrator has an active session open with ProxySG. By default, sessions are terminated after 15 minutes of inactivity.
Cross-site scripting is often used to steal cookies from a browser. This allows an attacker to impersonate the user on another machine. ProxySG cookies cannot be used on a different machine and therefore are not vulnerable to cookie theft.
CVSS v2 base score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
The vulnerability was discovered and reported by Patrick Fleming at FishNet Security.
2012-01-17 Notification that no fix will be provided for 5.3. Changed status to final.
2011-02-17 Notification of fix in SGOS 184.108.40.206. Updated SGOS 5.5 fix information to show the issue is resolved in SGOS 220.127.116.11 GA release and the accompanying link was also updated. Updated SGOS 5.3 fix information to suggest upgrading to a newer version of SGOS to get the fix. Added link to KB3608 on how to upgrade SGOS.
2010-11-01 Notification of fix in 18.104.22.168 patch release.
2010-10-28 Credited Patrick Fleming for discovering and reporting the vulnerability.
2010-10-27 Notification of ProxySG version 22.214.171.124 patch release being promoted to GA release.
2010-10-15 Notification of fix in 126.96.36.199 patch release.
2010-10-12 Added additional details and another workaround.
2010-10-07 Added a workaround.
2010-10-01 Initial public release.