ID

VAR-201006-0428


CVE

CVE-2010-2290


TITLE

McAfee UTM Firewall of cgi-bin/cgix/help Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-004878

DESCRIPTION

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

----------------------------------------------------------------------

Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management
Free webinars
http://secunia.com/vulnerability_scanning/corporate/webinars/

----------------------------------------------------------------------

TITLE:
McAfee UTM Firewall "page" Cross-Site-Scripting Vulnerability

SECUNIA ADVISORY ID:
SA40089

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40089/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40089

RELEASE DATE:
2010-06-11

DISCUSS ADVISORY:
http://secunia.com/advisories/40089/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/40089/

ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=40089

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION:
Adam Baldwin has reported a vulnerability in McAfee Unified Threat Management (UTM) Firewall, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "page" parameter to cgi-bin/cgix/help is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 3.0.0 through 4.0.6.

SOLUTION:
Upgrade to McAfee UTM Firewall firmware version 4.0.7.

PROVIDED AND/OR DISCOVERED BY:
Adam Baldwin, nGenuity Information Security

ORIGINAL ADVISORY:
McAfee:
https://kc.mcafee.com/corporate/index?page=content&id=SB10010

nGenuity Information Security:
http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

EXPLOIT:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------

Trust: 1.89

sources: NVD: CVE-2010-2290 // JVNDB: JVNDB-2010-004878 // VULHUB: VHN-44895 // PACKETSTORM: 90491 // PACKETSTORM: 90490

AFFECTED PRODUCTS

vendor: mcafee // model: unified threat management firewall // scope: eq // version: 4.0.6

Trust: 1.6

vendor: mcafee // model: unified threat management firewall // scope: eq // version: 3.0.0

Trust: 1.6

vendor: mcafee // model: unified threat management firewall // scope: eq // version: 3.1.5

Trust: 1.6

vendor: mcafee // model: utm firewall // scope: eq // version: 3.0.0 to 4.0.6

Trust: 0.8

sources: JVNDB: JVNDB-2010-004878 // CNNVD: CNNVD-201006-250 // NVD: CVE-2010-2290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-2290
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-2290
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201006-250
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44895
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-2290
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44895
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44895 // JVNDB: JVNDB-2010-004878 // CNNVD: CNNVD-201006-250 // NVD: CVE-2010-2290

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-44895 // JVNDB: JVNDB-2010-004878 // NVD: CVE-2010-2290

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201006-250

TYPE

xss

Trust: 0.8

sources: PACKETSTORM: 90491 // PACKETSTORM: 90490 // CNNVD: CNNVD-201006-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-004878

PATCH

title: SB10010 // url: https://kc.mcafee.com/corporate/index?page=content&id=SB10010

Trust: 0.8

title: Wireshark 1.2.9 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=3690

Trust: 0.6

sources: JVNDB: JVNDB-2010-004878 // CNNVD: CNNVD-201006-250

EXTERNAL IDS

db: NVD // id: CVE-2010-2290

Trust: 2.5

db: SECUNIA // id: 40089

Trust: 1.9

db: SECUNIA // id: 40138

Trust: 1.9

db: MCAFEE // id: SB10010

Trust: 1.9

db: VUPEN // id: ADV-2010-1413

Trust: 1.7

db: SECTRACK // id: 1024091

Trust: 1.7

db: JVNDB // id: JVNDB-2010-004878

Trust: 0.8

db: CNNVD // id: CNNVD-201006-250

Trust: 0.7

db: BUGTRAQ // id: 20100609 MCAFEE UTM FIREWALL HELP REFLECTED CROSS-SITE SCRIPTING

Trust: 0.6

db: VULHUB // id: VHN-44895

Trust: 0.1

db: PACKETSTORM // id: 90491

Trust: 0.1

db: PACKETSTORM // id: 90490

Trust: 0.1

sources: VULHUB: VHN-44895 // JVNDB: JVNDB-2010-004878 // PACKETSTORM: 90491 // PACKETSTORM: 90490 // CNNVD: CNNVD-201006-250 // NVD: CVE-2010-2290

REFERENCES

url:http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/

Trust: 1.9

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10010

Trust: 1.8

url:http://www.securitytracker.com/id?1024091

Trust: 1.7

url:http://secunia.com/advisories/40089

Trust: 1.7

url:http://secunia.com/advisories/40138

Trust: 1.7

url:http://www.vupen.com/english/advisories/2010/1413

Trust: 1.7

url:http://www.securityfocus.com/archive/1/511771/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2290

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2290

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/511771/100/0/threaded

Trust: 0.6

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/webinars/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:https://kc.mcafee.com/corporate/index?page=content&id=sb10010

Trust: 0.1

url:http://secunia.com/advisories/40089/

Trust: 0.1

url:http://secunia.com/advisories/40089/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40089

Trust: 0.1

url:http://secunia.com/advisories/40138/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40138

Trust: 0.1

url:http://secunia.com/advisories/40138/#comments

Trust: 0.1

sources: VULHUB: VHN-44895 // JVNDB: JVNDB-2010-004878 // PACKETSTORM: 90491 // PACKETSTORM: 90490 // CNNVD: CNNVD-201006-250 // NVD: CVE-2010-2290

CREDITS

Secunia

Trust: 0.2

sources: PACKETSTORM: 90491 // PACKETSTORM: 90490

SOURCES

db: VULHUB // id: VHN-44895
db: JVNDB // id: JVNDB-2010-004878
db: PACKETSTORM // id: 90491
db: PACKETSTORM // id: 90490
db: CNNVD // id: CNNVD-201006-250
db: NVD // id: CVE-2010-2290

LAST UPDATE DATE

2025-04-11T22:59:36.670000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-44895 // date: 2018-10-10T00:00:00
db: JVNDB // id: JVNDB-2010-004878 // date: 2012-09-25T00:00:00
db: CNNVD // id: CNNVD-201006-250 // date: 2010-06-18T00:00:00
db: NVD // id: CVE-2010-2290 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-44895 // date: 2010-06-15T00:00:00
db: JVNDB // id: JVNDB-2010-004878 // date: 2012-09-25T00:00:00
db: PACKETSTORM // id: 90491 // date: 2010-06-11T13:54:25
db: PACKETSTORM // id: 90490 // date: 2010-06-11T13:54:22
db: CNNVD // id: CNNVD-201006-250 // date: 2010-06-18T00:00:00
db: NVD // id: CVE-2010-2290 // date: 2010-06-15T14:04:26.687