Cisco User-Changeable Password(UCP)CSuserCGI.exe本地HELP参数多个跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114755 漏洞类型 跨站脚本
发布时间 2008-03-12 更新时间 2008-09-05
CVE编号 CVE-2008-0533 CNNVD-ID CNNVD-200803-227
漏洞平台 Windows CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/31395
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200803-227
|漏洞详情
UCP应用允许终端用户使用基于Web的工具更改CiscoSecureAccessControlServer(ACS)的口令。/securecgi-bin/CSUserCGI.exeCGI存在多个缓冲区溢出和跨站脚本漏洞,远程攻击者可能利用一个本地HELP参数后的直接参数注入任意WEB脚本和HTML代码.也有可能是其他未知向量
|漏洞EXP
source: http://www.securityfocus.com/bid/28222/info
 
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.
 
Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.
 
The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
 
These issues affect versions prior to UCP 4.2 when running on Microsoft Windows. 

http://www.example.com/securecgi-bin/CSUserCGI.exe?Help+00.lala.c.hacker%22%22%22%3E%3Ch1%3EHello_Cisco%3C/h1%3E
|参考资料

来源:CISCO
名称:20080312CiscoSecureAccessControlServerforWindowsUser-ChangeablePasswordVulnerabilities
链接:http://www.cisco.com/en/US/products/products_security_advisory09186a008095f0c4.shtml
来源:SECUNIA
名称:29351;PatchInformation
链接:http://secunia.com/advisories/29351
来源:XF
名称:cisco-acs-ucp-csusercgi-xss(41156)
链接:http://xforce.iss.net/xforce/xfdb/41156
来源:BID
名称:28222
链接:http://www.securityfocus.com/bid/28222
来源:BUGTRAQ
名称:20080312CiscoACSUCPRemotePre-AuthenticationBufferOverflows
链接:http://www.securityfocus.com/archive/1/archive/1/489463/100/0/threaded
来源:MISC
名称:http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
链接:http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
来源:VUPEN
名称:ADV-2008-0868
链接:http://www.frsirt.com/english/advisories/2008/0868
来源:SECTRACK
名称:1019607
链接:http://securitytracker.com/id?1019607
来源:SREASON
名称:3743
链接:http://securityreason.com/securityalert/3743