List: bugtraq
Subject: Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page
From: tudor.enache () helpag ! com
Date: 2014-01-23 7:53:18
Message-ID: 201401230753.s0N7rIak023957 () sf01web1 ! securityfocus ! com
Advisory ID: hag201476
Product: Mediatrix Web Management Interface
Vendor: Media5 Corporation
Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior
Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186
Advisory Publication: January 23, 2014
Vendor Notification: November 13, 2013
Public Disclosure: January 23, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1612
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Help AG Middle East
-----------------------------------------------------------------------------------------------
About the vendor:
Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications. Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace.
Advisory Details:
During a pentest, Help AG discovered the following:
A reflected cross-site scripting (XSS) vulnerability in the login page of the Mediatrix Web Management Interface allows remote attackers to inject arbitrary web scripts or HTML via the vulnerable parameter “username”.
1) Cross-Site Scripting (XSS) in Mediatrix Web Management Interface: CVE-2014-1612
As proof of concept, one needs to access the following URL on a Mediatrix Web Interface:
http://<<MediatrixWebInterfaceIP/Host>>/login.esp?r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E
Hackers could craft malicious URLs and send them to system admins to try to gain access to the administrative interface of the Mediatrix device. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up a rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page.
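With no fix released, one way to spot requests that put markup into the "username" parameter is to scan web or proxy logs for them. This is an added example, not part of the original advisory or Help AG's tooling; the common-log-format input, the constructed sample lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that can close an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"\'`]')
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_username(url):
    """Return the decoded username if a login.esp request carries markup."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/login.esp"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == "username":
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(log_lines):
    """Return (client address, decoded username) for each flagged request."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        found = suspicious_username(match.group(1)) if match else None
        if found is not None:
            hits.append((line.split()[0], found))
    return hits

# Constructed sample lines (not real traffic); the second reuses the advisory's URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jan/2014:08:00:01 +0000] "GET /login.esp?r=system_info.esp&username=admin HTTP/1.1" 200 2310',
    '192.0.2.44 - - [23/Jan/2014:08:02:17 +0000] "GET /login.esp?r=system_info.esp&username=%22/%3E%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 2391',
    '192.0.2.45 - - [23/Jan/2014:08:03:40 +0000] "GET /login.esp?username=%253Cb%253E HTTP/1.1" 200 2300',
    '192.0.2.46 - - [23/Jan/2014:08:04:02 +0000] "GET /status.esp?username=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, username in scan(SAMPLE_LOG):
        print(client, repr(username))
```

The same character check can serve as a block rule on a reverse proxy in front of the management interface, since a login name has no need for quote or angle-bracket characters.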
-----------------------------------------------------------------------------------------------
Solution:
The vendor was notified; contact the vendor for the patch details.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible.