Forescout NAC 6.3.4.1 Cross-Site Scripting Vulnerability
Summary
The Forescout NAC (Network Access Control) device is vulnerable to two cross-site scripting vulnerabilities.
- CVE number: CVE-2012-4983
- Impact: Medium
- Vendor homepage: http://www.forescout.com
- Vendor notified: 21/09/2012
- Vendor response: This issue is reportedly fixed in version 7.0.
- Credit: Joseph Sheridan of ReactionIS
Affected Products
Forescout CounterACT NAC 6.3.4.1. Other versions may also be affected.
Details
The Forescout NAC device is vulnerable to two cross-site scripting issues, which could be used to redirect a targeted victim to a malicious site or to gain access to the NAC admin console. The 'a' parameter on the 'login' page is vulnerable, and the 'rangesearch' search page is vulnerable when requested by an authenticated user. See below for details:
Login page: http://(NACIP)/assets/login?a=asdf" onload="alert(123)">
Search field (needs authenticated user): http://(NACIP)/assets/rangesearch?fromIndex=0&query=asdf" onclick="alert(123)"&main_selection=all
The payload could be delivered by enticing a victim to follow a link in a 'phishing' email or website.
Impact
An attacker may be able to gain credentials for the NAC device or seek to install malware on the victim's machine via a malicious site.
Solution
Version 7.0 reportedly fixes this issue.
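Until an appliance is upgraded, proxy or web-server logs can be checked for requests that carry attribute-breakout characters in the two parameters named under Details. The following is an added example, not part of the original advisory or of any Forescout code; the access-log format, the function names and the sample lines are assumptions, and it also normalises doubly encoded values, which goes slightly beyond the two URLs shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint -> reflected parameter, as named in the advisory.
REFLECTED = {"/assets/login": "a", "/assets/rangesearch": "query"}
BREAKOUT = re.compile(r'["<>]')                 # escapes a quoted attribute or tag
HANDLER = re.compile(r"\bon[a-z]+\s*=", re.I)   # inline handler, e.g. onload=
# Request line of a common/combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode until stable so doubly encoded quotes (%2522) are seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def check_line(line):
    """Return (path, param, severity) for a suspicious request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    path = url.path.rstrip("/")
    param = REFLECTED.get(path)
    if param is None:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(param, []):
        value = decode(raw)
        if BREAKOUT.search(value):
            return (path, param, "high" if HANDLER.search(value) else "review")
    return None

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Oct/2012:10:00:01 +0000] "GET /assets/login?a=asdf%22%20onload=%22alert(123)%22%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - admin [01/Oct/2012:10:00:09 +0000] "GET /assets/rangesearch?fromIndex=0&query=asdf%2522%2520onclick=%2522alert(123)%2522&main_selection=all HTTP/1.1" 200 7411',
    '192.0.2.15 - admin [01/Oct/2012:10:01:30 +0000] "GET /assets/rangesearch?fromIndex=0&query=10.0.0.&main_selection=all HTTP/1.1" 200 6802',
    '192.0.2.15 - - [01/Oct/2012:10:02:00 +0000] "GET /assets/login?a=x%3Cb HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(check_line(entry))
```

A "high" result means the value both breaks out of the quoted attribute and supplies an inline event handler; "review" means breakout characters only.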
About ReactionIS
Reaction Information Security is a leading independent pen test consultancy specialising in delivering the highest quality security testing services including network pen testing and web application security testing. As a CESG CHECK Service Provider we are authorised to carry out penetration testing on classified government networks.