Details of VAR-200710-0473

ID

VAR-200710-0473

CVE

CVE-2007-5562

TITLE

Netgear SSL312 PROSAFE SSL VPN-Concentrator Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2007-004550

DESCRIPTION

Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. NETGEAR ProSafe SSL VPN Concentrator 25-SSL312 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Netgear SSL312 "err" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA27238 VERIFY ADVISORY: http://secunia.com/advisories/27238/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Netgear SSL312 http://secunia.com/product/16173/ DESCRIPTION: SkyOut has reported a vulnerability in Netgear SSL312, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "err" parameter in e.g. cgi-bin/welcome/XYZ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences in a web proxy. Do not follow untrusted links. PROVIDED AND/OR DISCOVERED BY: SkyOut ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-October/066633.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-5562 // JVNDB: JVNDB-2007-004550 // BID: 26073 // VULHUB: VHN-28924 // PACKETSTORM: 60210

AFFECTED PRODUCTS

vendor:	netgear	model:	ssl312	scope:	eq	version:	*	Trust: 1.0
vendor:	net gear	model:	ssl312	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	ssl312	scope:	-	version:	-	Trust: 0.6
vendor:	netgear	model:	prosafe ssl vpn-concentrator	scope:	eq	version:	250	Trust: 0.3

sources: BID: 26073 // JVNDB: JVNDB-2007-004550 // CNNVD: CNNVD-200710-362 // NVD: CVE-2007-5562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5562
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5562
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200710-362
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28924
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5562
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28924
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28924 // JVNDB: JVNDB-2007-004550 // CNNVD: CNNVD-200710-362 // NVD: CVE-2007-5562

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-28924 // JVNDB: JVNDB-2007-004550 // NVD: CVE-2007-5562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-362

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 60210 // CNNVD: CNNVD-200710-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004550

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28924

PATCH

title:

Top Page

url:

http://www.netgear.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-004550

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5562	Trust: 2.8
db:	BID	id:	26073	Trust: 2.0
db:	SECUNIA	id:	27238	Trust: 1.8
db:	SECTRACK	id:	1018817	Trust: 1.7
db:	VUPEN	id:	ADV-2007-3542	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-004550	Trust: 0.8
db:	FULLDISC	id:	20071013 NETGEAR SSL312 XSS VULNERABILITY	Trust: 0.6
db:	XF	id:	37216	Trust: 0.6
db:	CNNVD	id:	CNNVD-200710-362	Trust: 0.6
db:	SEEBUG	id:	SSVID-84046	Trust: 0.1
db:	EXPLOIT-DB	id:	30673	Trust: 0.1
db:	VULHUB	id:	VHN-28924	Trust: 0.1
db:	PACKETSTORM	id:	60210	Trust: 0.1

sources: VULHUB: VHN-28924 // BID: 26073 // JVNDB: JVNDB-2007-004550 // PACKETSTORM: 60210 // CNNVD: CNNVD-200710-362 // NVD: CVE-2007-5562

REFERENCES

url:	http://www.securityfocus.com/bid/26073	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0358.html	Trust: 1.7
url:	http://www.smash-the-stack.net/articles/netgear_ssl312_xss_advisory.txt	Trust: 1.7
url:	http://securitytracker.com/id?1018817	Trust: 1.7
url:	http://secunia.com/advisories/27238	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2007/3542	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/37216	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5562	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5562	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/37216	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/3542	Trust: 0.6
url:	http://www.netgear.com	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2007-october/066633.html	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/product/16173/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/27238/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-28924 // BID: 26073 // JVNDB: JVNDB-2007-004550 // PACKETSTORM: 60210 // CNNVD: CNNVD-200710-362 // NVD: CVE-2007-5562

CREDITS

SkyOut is credited with discovering this vulnerability.

Trust: 0.9

sources: BID: 26073 // CNNVD: CNNVD-200710-362

SOURCES

db:	VULHUB	id:	VHN-28924
db:	BID	id:	26073
db:	JVNDB	id:	JVNDB-2007-004550
db:	PACKETSTORM	id:	60210
db:	CNNVD	id:	CNNVD-200710-362
db:	NVD	id:	CVE-2007-5562

LAST UPDATE DATE

2025-04-10T23:25:43.691000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28924	date:	2017-07-29T00:00:00
db:	BID	id:	26073	date:	2007-11-01T15:26:00
db:	JVNDB	id:	JVNDB-2007-004550	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200710-362	date:	2007-10-22T00:00:00
db:	NVD	id:	CVE-2007-5562	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28924	date:	2007-10-18T00:00:00
db:	BID	id:	26073	date:	2007-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-004550	date:	2012-09-25T00:00:00
db:	PACKETSTORM	id:	60210	date:	2007-10-18T22:44:44
db:	CNNVD	id:	CNNVD-200710-362	date:	2007-10-18T00:00:00
db:	NVD	id:	CVE-2007-5562	date:	2007-10-18T20:17:00