Summary
Name: Cross Site Scripting in CiscoWorks
Release Date: 05 December 2007
Reference: LSD001-2007
Discover: Dave Lewis
CVE Number: CVE-2007-5582
Vendor: Cisco
Systems Affected: CiscoWorks version 2.6 (as tested)
All prior builds are affected
Risk: Medium
Status: Published (Vendor Confirmed, Patch Available)
Description
The initial CiscoWorks login page is susceptible to XSS attack.
Impact: attackers could execute XSS attacks that can harvest session cookies and username/passwords.
TimeLine
Discovered: 20 August 2007
Reported: 24 September 2007
Fixed: 5 November 2007
Patch Release: 5 December 2007
Published: 5 December 2007
Technical Details
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. Input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session.
Fix Information
This issue has now been resolved.
The patch may be obtained from:
http://www.cisco.com
Cisco Advisory
http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml
I would like to thank Cisco for their prompt and professional response to this issue.
Liquidmatrix Security Digest
2255B Queen Street East
suite 156
Toronto, Ontario
Canada
M4E 1G3
Thanks: PortSwigger, Wade and pdp.
Dave,
Thanks for your contribution. Our company is also using Ciscoworks on windows platform so we would like to understand more about this possible XSS attack – Cross Site Scripting in CiscoWorks. If I understand correctly, the hackers will be able to obtain the cookies and username/passwords for the ciscoworks application without knowing any proper credential. The cross site script can be executed without any authentictaion required due to the vulnerability.
Thanks for your clarification.
@Albert
Thanks. Yes, this would require a Ciscoworks user to follow a specially crafted link that would be used to capture the aforementioned information. Beyond that I’m reticent to provide more information. I would suggest that you apply the patch that fixes this issue if that is an option.
i looked for this article couple of months
thanks a lot
Guys….I need someone to train my client on a 1/2 day session on CiscoWorks LMS. The gig is up here in Northern New Jersey. Great way to make $1500 during a day off. Let me know if u know anyone or if you are interested. THX!!!!! Kat
201-505-9489