
ZoneDirector Cross Site Scripting

Posted Nov 13, 2013
Authored by Ruckus Product Security Team

A persistent cross site scripting weakness has been discovered in the guest pass provisioning web interface of the ZoneDirector controller devices. An attacker with access to an authenticated user session with privileges for guest pass generation may cause certain malicious javascript code to execute in the user's browser with privileges of the user or the admin. ZoneDirector Controllers versions 9.3.x, 9.4.x, 9.5.x, and 9.6.x are affected.

tags | advisory, web, javascript, xss
SHA-256 | d9fdcc876fdb2924d1ff1acb39eb8b431d9858e58ba9bb63afddfef5b1a68a58

RUCKUS ADVISORY ID 111113-2

Customer release date: Sep 9, 2013
Public release date: Nov 11, 2013

TITLE

Authenticated persistent cross site scripting vulnerability in guest
pass provisioning web interface on ZoneDirector controllers


SUMMARY

A persistent cross site scripting vulnerability has been discovered in
the guest pass provisioning web interface on ZoneDirector controllers
(ZD). To launch this attack, the attacker needs access to an
authenticated user session with privileges for guest pass generation.


AFFECTED SOFTWARE VERSIONS AND DEVICES


Device                     Affected software
-------------------------  --------------------------
ZoneDirector Controllers   9.3.x, 9.4.x, 9.5.x, 9.6.x


Any products not mentioned in the table above are not affected.


DETAILS

A persistent cross site scripting weakness has been discovered in the
guest pass provisioning web interface of the ZoneDirector controller
devices. An attacker with access to an authenticated user session with
privileges for guest pass generation may cause certain malicious
javascript code to execute in the user's browser with privileges of
the user or the admin.

The prerequisite for this attack is that the attacker has access to an
authenticated user session with privileges for guest pass generation
on the ZD. This issue does not affect any other Ruckus devices besides
ZoneDirector controllers.
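The weakness described above is the classic stored (persistent) XSS pattern: a value typed into a provisioning form is saved and later written into an HTML page that administrators view, without output encoding. The following Python snippet is an added illustration and is not Ruckus code; it does not reflect how ZoneDirector renders its pages. It uses a constructed guest-pass record whose name field carries a harmless script marker, renders it once unsafely and once with HTML entity encoding, and includes a small check a reviewer can run over rendered output to confirm that no untrusted tag survived encoding.

```python
import html
import re

# Constructed sample records, as an operator might enter them in a
# guest-pass provisioning form. The second name is a harmless marker
# used only to show the difference between the two renderers.
SAMPLE_GUESTS = [
    {"name": "Alice Example", "code": "GP-0001", "expires": "2013-09-30"},
    {"name": "<script>/* constructed marker */</script>",
     "code": "GP-0002", "expires": "2013-09-30"},
]

FIELDS = ("name", "code", "expires")


def render_row_unsafe(guest):
    """Vulnerable pattern: stored field values are interpolated into HTML
    verbatim. A name containing markup is therefore emitted as markup and
    runs in the browser of every admin who later views the guest list."""
    return "<tr>" + "".join("<td>%s</td>" % guest[k] for k in FIELDS) + "</tr>"


def render_row_safe(guest):
    """Hardened pattern: every stored value is HTML-entity encoded at output
    time (quote=True also encodes quotes, which matters inside attributes),
    so the browser displays the characters instead of interpreting them."""
    return "<tr>" + "".join(
        "<td>%s</td>" % html.escape(str(guest[k]), quote=True) for k in FIELDS
    ) + "</tr>"


# Matches an HTML tag such as <script> or </script> inside a stored value.
TAG_RE = re.compile(r"</?\s*[a-zA-Z][^>]*>")


def contains_untrusted_markup(rendered_html, guest):
    """Review check: True if any tag present in a stored field value appears
    verbatim in the rendered page, i.e. encoding was skipped somewhere."""
    for k in FIELDS:
        for tag in TAG_RE.findall(str(guest[k])):
            if tag in rendered_html:
                return True
    return False


if __name__ == "__main__":
    for g in SAMPLE_GUESTS:
        for renderer in (render_row_unsafe, render_row_safe):
            out = renderer(g)
            print(renderer.__name__, "leaks markup:",
                  contains_untrusted_markup(out, g))
```

Encoding at the point of output is the fix that survives future form fields and import paths; rejecting angle brackets at input time is a weaker complement, since the same value may be rendered in more than one context.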

IMPACT

An attacker with access to an authenticated user session with
privileges for guest pass generation may cause certain malicious
javascript code to execute in the user's browser with privileges of
the user or the admin.

CVSS v2 BASE METRIC SCORE: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)


WORKAROUNDS

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical to mitigate this attack. However, in the
event that a patch cannot immediately be applied, the following
suggestions might help reduce the risk:

- Only launch web sessions to ZD's guest pass provisioning interface
from trusted hosts with no connectivity to untrusted networks such as
the Internet while the session is active.

- Do not expose ZD's guest pass provisioning interface to untrusted
networks such as the Internet.

- Use a firewall to limit traffic to/from ZoneDirector's guest pass
provisioning web interface to trusted hosts.


SOLUTION

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical.

The following patches have the fix (any later patches will also have
the fix):


Branch   Software Patch
------   --------------
9.3.x    9.3.4.0.21
9.4.x    9.4.3.0.22
9.5.x    9.5.2.0.15
9.6.x    9.6.1.0.15

CREDITS

This vulnerability was reported by Erik van Eijk of Dutch Forensic
Institute, Netherlands.


OBTAINING FIXED FIRMWARE

Ruckus customers can obtain the fixed firmware from the support website at
https://support.ruckuswireless.com/

Ruckus Support can be contacted as follows:

1-855-RUCKUS1 (1-855-782-5871) (United States)

The full contact list is at:
https://support.ruckuswireless.com/contact-us


PUBLIC ANNOUNCEMENTS

This security advisory is strictly confidential and will be made
available for public consumption in approximately 60 days, on Nov 11,
2013, at the following sources:

Ruckus Website
http://www.ruckuswireless.com/security

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1


Future updates of this advisory, if any, will be placed on Ruckus's
website, but may or may not be actively announced on mailing lists.

REVISION HISTORY

Revision 1.0 / 9th Sep 2013 / Initial release


RUCKUS WIRELESS SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Ruckus
Wireless products and on obtaining assistance with security incidents
is available at http://www.ruckuswireless.com/security


For reporting new security issues, email can be sent to
security(at)ruckuswireless.com

For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at http://www.ruckuswireless.com/security


STATUS OF THIS NOTICE: Final

Although Ruckus cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Ruckus does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Ruckus may update this
advisory.


(c) Copyright 2013 by Ruckus Wireless
This advisory may be redistributed freely after the public release
date given at the top of the text, provided that redistributed copies
are complete and unmodified, including all date and version information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSgmKQAAoJEFH6g5RLqzh1nWcH+QGWpcm0NUybC6hPt5e3HNg/
H/U9WDl1m0SUnfJ+8G0KGoy9zUJvgLrzuxtYSj/juyqoDfS3qnZa3xFvQOIEV0v3
jV3FzGn1EdfD4vHHG73C+r+jQzu4sh3Ys7DHLODJeF+2AOH0FWnycxmU/qeAf+qx
OdC70u2kBh8rjH9NxTFrDR1fQWB2rpFwEMp3Wh2t8YrO4VLHursLU01UC8vtuJRF
5MR8mCBJu8aIr/II0BNXSHwzMb25T3BgsNCMMAAfV1ipkBMbG9UtoJ1Y7/rIDRHY
gvbFCScr42z56ZGXSvT+Dc/6enCc0CXrToe3aYAEZbTBymBvvegYho6JOFq0w4Q=
=K3PP
-----END PGP SIGNATURE-----