/dev/everything |
December 5, 2007

Summary

Name: Cross Site Scripting in CiscoWorks
Release Date: 05 December 2007
Reference: LSD001-2007
Discover: Dave Lewis
CVE Number: CVE-2007-5582
Vendor: Cisco
Systems Affected: CiscoWorks version 2.6 (as tested)
All prior builds are affected

Risk: Medium
Status: Published (Vendor Confirmed, Patch Available)

Description

The initial CiscoWorks login page is susceptible to XSS attack.

Impact: attackers could execute XSS attacks that can harvest session cookies and username/passwords.

TimeLine

Discovered: 20 August 2007
Reported: 24 September 2007
Fixed: 5 November 2007
Patch Release: 5 December 2007
Published: 5 December 2007

Technical Details

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. Input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session.

Fix Information

This issue has now been resolved.

The patch may be obtained from:

http://www.cisco.com

Cisco Advisory
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml

I would like to thank Cisco for their prompt and professional response to this issue.

Liquidmatrix Security Digest

Home

2255B Queen Street East
suite 156
Toronto, Ontario
Canada
M4E 1G3

Thanks: PortSwigger, Wade and pdp.

Related posts

Comments

  1. Dave,

    Thanks for your contribution. Our company is also using Ciscoworks on windows platform so we would like to understand more about this possible XSS attack – Cross Site Scripting in CiscoWorks. If I understand correctly, the hackers will be able to obtain the cookies and username/passwords for the ciscoworks application without knowing any proper credential. The cross site script can be executed without any authentictaion required due to the vulnerability.

    Thanks for your clarification.

  2. @Albert

    Thanks. Yes, this would require a Ciscoworks user to follow a specially crafted link that would be used to capture the aforementioned information. Beyond that I’m reticent to provide more information. I would suggest that you apply the patch that fixes this issue if that is an option.

  3. i looked for this article couple of months
    thanks a lot

  4. Guys….I need someone to train my client on a 1/2 day session on CiscoWorks LMS. The gig is up here in Northern New Jersey. Great way to make $1500 during a day off. Let me know if u know anyone or if you are interested. THX!!!!! Kat
    201-505-9489

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.