Forescout NAC 18.104.22.168 Cross-Site Scripting Vulnerability
Forescout NAC (Network Access Control) device is vulnerable to two cross-site scripting vulnerabilities.
- CVE number: CVE-2012-4983
- Impact: Medium
- Vendor homepage: http://www.forescout.com
- Vendor notified: 21/09/2012
- Vendor response: This issue is reportedly fixed in version 7.0.
- Credit: Joseph Sheridan of ReactionIS
Forescout CounterACT NAC 22.214.171.124 other versions may also be affected.
The Forescout NAC device is vulnerable to two cross-site scripting issues and could be used to redirect a targetted victim to a malicious site or gain access to the NAC admin console. The 'a' parameter is vulnerable on the 'login' page and the search page 'rangesearch' is vulnerable to authenticated users. See below for details:
Login page: http://(NACIP)/assets/login?a=asdf" onload="alert(123)"> Search field (needs authenticated user): http://(NACIP)/assets/rangesearch?fromIndex=0&query=asdf" onclick="alert(123)"&main_selection=all
The payload could be delivered by enticing a victim to follow a link in a 'phishing' email or website.
An attacker may be able to gain credentials for the NAC device or seek to install malware on the victim's machine via a malicious site.
Version 7.0 reportedly fixes this issue.
Reaction Information Security is a leading independent pen test consultancy specialising in delivering the highest quality security testing services including network pen testing and web application security testing. As a CESG CHECK Service Provider we are authorised to carry out penetration testing on classified government networks.