Vigil@nce : McAfee NSM, Cross Site Scripting
November 2009 by Vigil@nce
An attacker can generate a Cross Site Scripting in the Login.jsp
page of McAfee Network Security Manager, in order to execute
JavaScript code on administrator’s computer.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 12/11/2009
IMPACTED PRODUCTS
– McAfee IntruShield Security Manager
– McAfee Network Security Manager
DESCRIPTION OF THE VULNERABILITY
The access to McAfee Network Security Manager requires an
authentication:
https://server/intruvert/jsp/module/Login.jsp?password=...&node=...&iaction=...
However, NSM does not filter "node" and "iaction" parameters,
before displaying them back.
An attacker can therefore generate a Cross Site Scripting in the
Login.jsp page of McAfee Network Security Manager, in order to
execute JavaScript code on administrator’s computer.
CHARACTERISTICS
Identifiers: BID-37003, CVE-2009-3565, SB10004, SWRX-2009-001,
VIGILANCE-VUL-9196
Pointed by: VIGILANCE-VUL-9197
http://vigilance.fr/vulnerability/McAfee-NSM-Cross-Site-Scripting-9196