Vigil@nce: ScreenOS, Cross Site Scripting of WebUI
October 2008 by Vigil@nce
An attacker can inject JavaScript code in WebUI logs in order to
create a Cross Site Scripting.
– Gravity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 02/10/2008
IMPACTED PRODUCTS
– Netscreen ScreenOS
DESCRIPTION
Events occurring on the NetScreen are logged in the Event Log. The
administrator can read them via the ScreenOS WebUI interface.
When an attacker tries to connect via the web interface or via
telnet, the username is logged in the Event Log. However, this
name is not filtered before being displayed in the WebUI.
An attacker can therefore use a login name containing JavaScript
code in order to create a Cross Site Scripting.
CHARACTERISTICS
– Identifiers: BID-31528, netscreen01oct, PSN-2008-09-009,
VIGILANCE-VUL-8141
– Url: http://vigilance.aql.fr/vulnerability/8141