Forescout NAC (Network Access Control) multiple vulnerabilities

看板Bugtraq作者joe.時間12年前 (2013/04/27 12:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

Forescout NAC (Network Access Control) multiple vulnerabilities: Forescout NAC 6.3.4.1 Cross-Site Redirection Vulnerability = (CVE-2012-4982) The Forescout NAC device is vulnerable to cross-site redirection and = could be used to redirect a targetted victim to a malicious site. The = 'a' parameter is vulnerable on the 'login' page. See below for details:=20 http://(NACIP)/assets/login?a=3Dhttp://www.evil.com Forescout NAC 6.3.4.1 Cross-Site Scripting Vulnerability (CVE-2012-4983) The Forescout NAC device is vulnerable to two cross-site scripting = issues and could be used to redirect a targetted victim to a malicious = site or gain access to the NAC admin console. The 'a' parameter is = vulnerable on the 'login' page and the search page 'rangesearch' is = vulnerable to authenticated users. See below for details:=20 Login page: http://(NACIP)/assets/login?a=3Dasdf" onload=3D"alert(123)"> Search field (needs authenticated user): http://(NACIP)/assets/rangesearch?fromIndex=3D0&query=3Dasdf" = onclick=3D"alert(123)"&main_selection=3Dall Forescout NAC ICMP and ARP Protocols Not Filtered Vulnerability Advisory = (CVE-2012-4985) Forescout NAC (Network Access Control) device is vulnerable to ICMP and = ARP protocol filter bypass. The NAC does not filter traffic from unknown = clients over these protocols. An attacker with an unauthorised device = can engage ARP poisoning attacks and potentially gain access to = cleartext login credentials traversing the network (where cleartext = protocols are employed). The attacker could then use these credentials = via an authorised terminal/workstation to gain full access to the = network. http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirect= ion.html http://www.reactionpenetrationtesting.co.uk/forescout-nac-xss.html http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html=20 Best regards, Joe Joseph Sheridan Director CHECK Team Leader, CREST Infrastructure, CREST Application, CISSP Tel: 07812052515 Web: www.reactionis.co.uk=20 Email: joe@reactionis.co.uk =20 Reaction Information Security Limited. Registered in England No: 6929383 Registered Office: 1, The Mews, 69 New Dover Road, Canterbury, CT1 3DZ =20 This email and any files transmitted with it are confidential and are = intended solely for the use of the individual to whom they are = addressed. If you are not the intended recipient please notify the = sender. Any unauthorised dissemination or copying of this email or its = attachments and any use or disclosure of any information contained in = them, is strictly prohibited. =EF=81=90 Please consider the environment before printing this email Joseph Sheridan Director CHECK Team Leader, CREST Infrastructure, CREST Application, CISSP Tel: 07812052515 Web: www.reactionis.co.uk=20 Email: joe@reactionis.co.uk Reaction Information Security Limited. Registered in England No: 6929383 Registered Office: 1, The Mews, 69 New Dover Road, Canterbury, CT1 3DZ =20 This email and any files transmitted with it are confidential and are = intended solely for the use of the individual to whom they are = addressed. If you are not the intended recipient please notify the = sender. Any unauthorised dissemination or copying of this email or its = attachments and any use or disclosure of any information contained in = them, is strictly prohibited. =EF=81=90 Please consider the environment before printing this email

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 joe. 的文章

文章代碼(AID): #1HUrJ6Kf (Bugtraq)