Raritan CommandCenter Secure Gateway Cross Site Scripting

Raritan CommandCenter Secure Gateway versions prior to 8.0.0 suffer from a cross site scripting vulnerability.



I. VULNERABILITY
-------------------------
XSS vulnerability in Raritan CommandCenter Secure Gateway

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway

IV. TIMELINE
-------------------------
30/01/2019 Vulnerability discovered
30/01/2019 Vendor contacted
27/02/2019 Raritan replied: "this fix is scheduled for release version 8.0"
06/05/2019 Version 8.0 is released

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Alp Hısım from Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Versions of Raritan CommandCenter Secure Gateway prior to 8.0 are
affected by an XSS vulnerability. A remote attacker could steal a
victim's cookie or redirect the victim to a malicious site.

VII. PROOF OF CONCEPT
-------------------------
Affected Component:
Path(inurl): /access/MacroFileUploadServlet
Affected parameter: macroFile

The MacroFileUpload component of Raritan CC-SG is affected by an XSS
vulnerability. A remote attacker could steal a victim's cookie or
redirect the victim to a malicious site.


