Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS

Medium
Advisory ID: ZSL-2016-5391
Release Date: 29 December 2016
Affected Version: NSA 6600 running SonicOS Enhanced 6.2.4.3-31n, WXA 4000 running 1.3.2.0-07, SafeMode 6.1.0.11
CVE: N/A
Tested On: SonicWALL, MySQL/5.0.96-community-nt, Apache-Coyote/1.1, Apache Tomcat 6.0.41
Summary

Uncompromising security and performance for emerging large organizations. The NSA 6600 network security appliance delivers best-in-class protection, speed and scalability with 12 Gbps throughput and up to 6000 VPN clients.

Description

SonicWALL NSA suffers from an XSS issue due to a failure to properly sanitize user-supplied input to the 'curUserName' GET parameter in the 'appFirewallSummary.html' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
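
An added example, not part of the original advisory or the vendor's code: a log check a defender could run to spot requests that place markup in the 'curUserName' parameter of 'appFirewallSummary.html', including double-encoded values. The access-log format, request paths and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumptions (not from the advisory): Common Log Format style lines and the
# script being served at the path shown in the constructed samples below.
SCRIPT, PARAM = "appfirewallsummary.html", "curusername"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP_RE = re.compile(r"[<>\"'`]")

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_cur_user_name(log_line):
    """Return the decoded curUserName value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(SCRIPT):
        return None
    # parse_qsl performs the first round of percent-decoding.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() == PARAM:
            decoded = fully_decode(value)
            if MARKUP_RE.search(decoded):
                return decoded
    return None

# Constructed sample log lines (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jan/2017:10:01:02 +0000] "GET /appFirewallSummary.html?curUserName=admin HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Jan/2017:10:03:17 +0000] "GET /appFirewallSummary.html?curUserName=%3Cb%3Eadmin%3C%2Fb%3E HTTP/1.1" 200 5133',
    '192.0.2.44 - - [05/Jan/2017:10:03:40 +0000] "GET /appFirewallSummary.html?curUserName=%253Cb%253Eadmin HTTP/1.1" 200 5127',
    '192.0.2.10 - - [05/Jan/2017:10:04:09 +0000] "GET /main.html?curUserName=%3Cb%3E HTTP/1.1" 200 812',
]

def scan(lines):
    """Return [(line_number, decoded_value)] for every flagged request."""
    hits = ((n, suspicious_cur_user_name(l)) for n, l in enumerate(lines, start=1))
    return [(n, v) for n, v in hits if v is not None]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Hits on appliances still running an affected version are worth correlating with the administrator session that followed the flagged request.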

Proof of Concept
Disclosure Timeline
26.01.2016 Vulnerability discovered.
29.01.2016 Vendor contacted.
29.01.2016 Vendor responds, asking for more details and providing PGP keys.
29.01.2016 Sent details to the vendor.
29.01.2016 Vendor confirms receipt of the issues, forwarding to engineering team.
12.02.2016 Asked vendor for status update.
12.02.2016 Vendor confirms the issues, scheduling a patch release.
23.02.2016 Asked vendor for status update.
24.02.2016 Vendor replied.
19.04.2016 Asked vendor for status update.
20.04.2016 Vendor replied.
22.04.2016 Working with the vendor.
02.12.2016 Vendor releases patch to address these issues.
29.12.2016 Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
29.12.2016 Initial release
02.01.2017 Added reference [1] and [2]
29.01.2017 Added reference [3]