Details of VAR-200902-0210

ID

VAR-200902-0210

CVE

CVE-2008-6280

TITLE

GE Fanuc Proficy Information Portal allows arbitrary file upload and execution

Trust: 0.8

sources: CERT/CC: VU#339345

DESCRIPTION

Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation. GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web server. Linksys WRT160N is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into opening a malicious URI. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may help the attacker steal cookie-based authentication credentials, cause denial-of-service conditions, and launch other attacks. WRT160N is the latest 802.11n wireless router launched by Linksy. Input passed to the "action" parameter in apply.cgi is not properly sanitised before being returned to the administrator. SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability SECUNIA ADVISORY ID: SA28678 VERIFY ADVISORY: http://secunia.com/advisories/28678/ CRITICAL: Less critical IMPACT: System access WHERE: >From local network SOFTWARE: Proficy Real-Time Information Portal 2.x http://secunia.com/product/17343/ DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy Real-Time Information Portal, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the "Add WebSource" feature when handling file uploads. This can be exploited to e.g. The vulnerability is reported in version 2.6. Other versions may also be affected. SOLUTION: The vendor will reportedly release a SIM (Software Improvement Module) by February 15, 2008. PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security ORIGINAL ADVISORY: GE Fanuc (KB12460): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460 C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html OTHER REFERENCES: US-CERT VU#339345: http://www.kb.cert.org/vuls/id/339345 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.88

sources: NVD: CVE-2008-6280 // CERT/CC: VU#339345 // JVNDB: JVNDB-2009-001376 // BID: 32496 // VULHUB: VHN-36405 // PACKETSTORM: 72522 // PACKETSTORM: 63060

AFFECTED PRODUCTS

vendor:	cisco	model:	wrt160n	scope:	eq	version:	-	Trust: 1.6
vendor:	ge fanuc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	linksys wrt160n	scope:	-	version:	-	Trust: 0.8
vendor:	linksys	model:	wrt160n	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#339345 // BID: 32496 // JVNDB: JVNDB-2009-001376 // CNNVD: CNNVD-200902-573 // NVD: CVE-2008-6280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-6280
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#339345
value:	0.84
Trust: 0.8
NVD:	CVE-2008-6280
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200902-573
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-36405
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-6280
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-36405
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#339345 // VULHUB: VHN-36405 // JVNDB: JVNDB-2009-001376 // CNNVD: CNNVD-200902-573 // NVD: CVE-2008-6280

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-36405 // JVNDB: JVNDB-2009-001376 // NVD: CVE-2008-6280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200902-573

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 72522 // CNNVD: CNNVD-200902-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001376

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-36405

PATCH

title:

Top Page

url:

http://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001376

EXTERNAL IDS

db:	NVD	id:	CVE-2008-6280	Trust: 2.8
db:	BID	id:	32496	Trust: 2.0
db:	SECUNIA	id:	32877	Trust: 1.8
db:	CERT/CC	id:	VU#339345	Trust: 0.9
db:	PACKETSTORM	id:	0811	Trust: 0.8
db:	JVNDB	id:	JVNDB-2009-001376	Trust: 0.8
db:	CNNVD	id:	CNNVD-200902-573	Trust: 0.7
db:	XF	id:	46980	Trust: 0.6
db:	XF	id:	160	Trust: 0.6
db:	SECUNIA	id:	28678	Trust: 0.2
db:	EXPLOIT-DB	id:	32599	Trust: 0.1
db:	SEEBUG	id:	SSVID-85879	Trust: 0.1
db:	VULHUB	id:	VHN-36405	Trust: 0.1
db:	PACKETSTORM	id:	72522	Trust: 0.1
db:	PACKETSTORM	id:	63060	Trust: 0.1

sources: CERT/CC: VU#339345 // VULHUB: VHN-36405 // BID: 32496 // JVNDB: JVNDB-2009-001376 // PACKETSTORM: 72522 // PACKETSTORM: 63060 // CNNVD: CNNVD-200902-573 // NVD: CVE-2008-6280

REFERENCES

url:	http://packetstormsecurity.org/0811-exploits/linksys-xss.txt	Trust: 1.8
url:	http://www.securityfocus.com/bid/32496	Trust: 1.7
url:	http://secunia.com/advisories/32877	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/46980	Trust: 1.1
url:	http://support.gefanuc.com/support/index?page=kbchannel&id=kb12460	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/487079/30/0/threaded	Trust: 0.8
url:	http://packetstormsecurity.org/0811-exploits/hooked_on_fanucs.rb.txt	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6280	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6280	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/46980	Trust: 0.6
url:	http://www.linksys.com	Trust: 0.3
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.2
url:	http://secunia.com/advisories/32877/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.1
url:	http://secunia.com/advisories/product/20650/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/17343/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/339345	Trust: 0.1
url:	http://secunia.com/advisories/28678/	Trust: 0.1
url:	http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

CREDITS

David Gil※ dagil@infosec.com.mx

Trust: 0.6

sources: CNNVD: CNNVD-200902-573

SOURCES

db:	CERT/CC	id:	VU#339345
db:	VULHUB	id:	VHN-36405
db:	BID	id:	32496
db:	JVNDB	id:	JVNDB-2009-001376
db:	PACKETSTORM	id:	72522
db:	PACKETSTORM	id:	63060
db:	CNNVD	id:	CNNVD-200902-573
db:	NVD	id:	CVE-2008-6280

LAST UPDATE DATE

2025-04-10T23:00:36.795000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#339345	date:	2008-12-18T00:00:00
db:	VULHUB	id:	VHN-36405	date:	2017-08-17T00:00:00
db:	BID	id:	32496	date:	2015-04-16T17:51:00
db:	JVNDB	id:	JVNDB-2009-001376	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200902-573	date:	2009-02-26T00:00:00
db:	NVD	id:	CVE-2008-6280	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#339345	date:	2008-01-25T00:00:00
db:	VULHUB	id:	VHN-36405	date:	2009-02-25T00:00:00
db:	BID	id:	32496	date:	2008-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2009-001376	date:	2009-06-30T00:00:00
db:	PACKETSTORM	id:	72522	date:	2008-12-02T11:35:11
db:	PACKETSTORM	id:	63060	date:	2008-01-29T00:00:58
db:	CNNVD	id:	CNNVD-200902-573	date:	2008-11-27T00:00:00
db:	NVD	id:	CVE-2008-6280	date:	2009-02-25T23:30:00.733