Details of VAR-201401-0414

ID

VAR-201401-0414

CVE

CVE-2014-1612

TITLE

Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerability

Trust: 0.8

sources: CERT/CC: VU#252294

DESCRIPTION

Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. (CWE-79). The Mediatrix 4402 Device is a VoIP adapter. Execute malicious script code to get sensitive information or hijack user sessions. Mediatrix 4402 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Mediatrix 4402 running firmware Dgw 1.1.13.186 is vulnerable; other versions may also be affected. Advisory ID: hag201476 Product: Mediatrix Web Management Interface Vendor: Media5 Corporation Vulnerable Version(s): Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 and probably prior Tested Version: Mediatrix 4402 Device with Firmware Dgw 1.1.13.186 Advisory Publication: January 23, 2014 Vendor Notification: November 13, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-1612 Risk Level: Medium CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N) Solution Status: Solution not yet released Discovered and Provided: Help AG Middle East ------------------------------------------------------------------------ ----------------------- about the vendor: Media5 products and technologies are deployed in millions of broadband connected devices including smartphones, set-top boxes, and a wide variety of telecommunications equipment and applications. Our VoIP expertise went on to deliver the Mediatrix family of VoIP ATAs and Gateways, and now includes a suite of voice and video mobility solutions and the M5T family of secure SIP-based solutions for the telecommunications marketplace. As the targeted Mediatrix device in our case is used for providing voice over IP (VoIP) connectivity to ISDN telephones, the attacker could even set up his rogue SIP server, replace the original one in the Mediatrix configuration and listen to all corporate calls if an administrative account is compromised via the XSS in the login page. ------------------------------------------------------------------------ ----------------------- Solution: The vendor was notified, contact the vendor for the patch details ------------------------------------------------------------------------ ----------------------- References: [1] help AG middle East http://www.helpag.com/. [2] Media5 Corporation http://www.mediatrix.com/en/company [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. ------------------------------------------------------------------------ ----------------------- Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible

Trust: 3.33

sources: NVD: CVE-2014-1612 // CERT/CC: VU#252294 // JVNDB: JVNDB-2014-001294 // CNVD: CNVD-2014-00610 // BID: 65108 // VULHUB: VHN-69551 // PACKETSTORM: 124931

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00610

AFFECTED PRODUCTS

vendor:	media5	model:	mediatrix voip gateway 4402	scope:	eq	version:	dgw_1.1.13.186	Trust: 1.6
vendor:	media5	model:	mediatrix voip gateway	scope:	eq	version:	4402	Trust: 1.0
vendor:	media5	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	media5	model:	mediatrix 4402 digital voip gateways	scope:	lte	version:	dgw 1.1.13.186	Trust: 0.8
vendor:	media5	model:	mediatrix digital voip gateways	scope:	eq	version:	4402	Trust: 0.8
vendor:	media5	model:	mediatrix device	scope:	eq	version:	44021.1.13.186	Trust: 0.6

sources: CERT/CC: VU#252294 // CNVD: CNVD-2014-00610 // JVNDB: JVNDB-2014-001294 // CNNVD: CNNVD-201401-598 // NVD: CVE-2014-1612

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2014-1612
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2014-1612
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2014-00610
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201401-598
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-69551
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-1612
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2014-1612
severity:	MEDIUM
baseScore:	4.3
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-00610
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-69551
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#252294 // CNVD: CNVD-2014-00610 // VULHUB: VHN-69551 // JVNDB: JVNDB-2014-001294 // CNNVD: CNNVD-201401-598 // NVD: CVE-2014-1612

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 2.7

sources: CERT/CC: VU#252294 // VULHUB: VHN-69551 // JVNDB: JVNDB-2014-001294 // NVD: CVE-2014-1612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-598

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 124931 // CNNVD: CNNVD-201401-598

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001294

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-69551

PATCH

title:

Mediatrix 4400 Series

url:

http://www.media5corp.com/en/voip-gateways/mediatrix-4400-series

Trust: 0.8

sources: JVNDB: JVNDB-2014-001294

EXTERNAL IDS

db:	NVD	id:	CVE-2014-1612	Trust: 3.5
db:	CERT/CC	id:	VU#252294	Trust: 2.7
db:	BID	id:	65108	Trust: 2.0
db:	PACKETSTORM	id:	124931	Trust: 1.8
db:	OSVDB	id:	102415	Trust: 1.7
db:	XF	id:	90656	Trust: 1.4
db:	SECUNIA	id:	56638	Trust: 1.1
db:	JVN	id:	JVNVU97711137	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001294	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-598	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00610	Trust: 0.6
db:	XF	id:	20141612	Trust: 0.6
db:	BUGTRAQ	id:	20140123 REFLECTED CROSS-SITE SCRIPTING (XSS) VULNERABILITY IN MEDIATRIX WEB MANAGEMENT INTERFACE LOGIN PAGE	Trust: 0.6
db:	VULHUB	id:	VHN-69551	Trust: 0.1

sources: CERT/CC: VU#252294 // CNVD: CNVD-2014-00610 // VULHUB: VHN-69551 // BID: 65108 // JVNDB: JVNDB-2014-001294 // PACKETSTORM: 124931 // CNNVD: CNNVD-201401-598 // NVD: CVE-2014-1612

REFERENCES

url:	http://www.kb.cert.org/vuls/id/252294	Trust: 1.9
url:	http://packetstormsecurity.com/files/124931/mediatrix-4402-cross-site-scripting.html	Trust: 1.7
url:	http://osvdb.org/102415	Trust: 1.7
url:	http://xforce.iss.net/xforce/xfdb/90656	Trust: 1.4
url:	http://www.securityfocus.com/bid/65108	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/530871/100/0/threaded	Trust: 1.1
url:	http://secunia.com/advisories/56638	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90656	Trust: 1.1
url:	http://www.mediatrix.com/en/voip-gateways/mediatrix-4400-series	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/530871/30/0/threaded	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/79.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1612	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97711137/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1612	Trust: 0.8
url:	http://seclists.org/bugtraq/2014/jan/87	Trust: 0.6
url:	http://www.securityfocus.com/bid/65108/discuss	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/530871/100/0/threaded	Trust: 0.6
url:	http://cwe.mitre.org	Trust: 0.1
url:	http://<<mediatrixwebinterfaceip/host>>/login.esp?r=system_info.esp&username=%22/%3e%3cscript%3ealert%281%29%3c/script%3e	Trust: 0.1
url:	http://www.mediatrix.com/en/company	Trust: 0.1
url:	http://www.helpag.com/.	Trust: 0.1
url:	http://cve.mitre.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-1612	Trust: 0.1

sources: CERT/CC: VU#252294 // CNVD: CNVD-2014-00610 // VULHUB: VHN-69551 // JVNDB: JVNDB-2014-001294 // PACKETSTORM: 124931 // CNNVD: CNNVD-201401-598 // NVD: CVE-2014-1612

CREDITS

tudor enache

Trust: 0.3

sources: BID: 65108

SOURCES

db:	CERT/CC	id:	VU#252294
db:	CNVD	id:	CNVD-2014-00610
db:	VULHUB	id:	VHN-69551
db:	BID	id:	65108
db:	JVNDB	id:	JVNDB-2014-001294
db:	PACKETSTORM	id:	124931
db:	CNNVD	id:	CNNVD-201401-598
db:	NVD	id:	CVE-2014-1612

LAST UPDATE DATE

2025-04-11T23:15:23.310000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#252294	date:	2014-04-07T00:00:00
db:	CNVD	id:	CNVD-2014-00610	date:	2014-01-26T00:00:00
db:	VULHUB	id:	VHN-69551	date:	2018-10-09T00:00:00
db:	BID	id:	65108	date:	2014-02-05T01:04:00
db:	JVNDB	id:	JVNDB-2014-001294	date:	2014-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201401-598	date:	2014-02-07T00:00:00
db:	NVD	id:	CVE-2014-1612	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#252294	date:	2014-02-03T00:00:00
db:	CNVD	id:	CNVD-2014-00610	date:	2014-01-26T00:00:00
db:	VULHUB	id:	VHN-69551	date:	2014-01-30T00:00:00
db:	BID	id:	65108	date:	2014-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-001294	date:	2014-02-03T00:00:00
db:	PACKETSTORM	id:	124931	date:	2014-01-24T00:55:55
db:	CNNVD	id:	CNNVD-201401-598	date:	2014-01-30T00:00:00
db:	NVD	id:	CVE-2014-1612	date:	2014-01-30T18:55:03.627