Title: ====== Astaro Security Gateway v7.504 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/get_content.php?id=8 VL-ID: ===== 8 Introduction: ============= Das Astaro Security Gateway 625 wurde speziell für den Schutz großer Unternehmen konzipiert. Basierend auf hochwertigen Intel-kompatiblen Serversystemen, einschließlich Dual IntelTM Xeon-Multi-Core-Prozessoren sowie redundanten Highspeed-Festplatten, bietet es selbst für die herausforderndsten Umgebungen optimale Performance und Zuverlässigkeit. Dieser Abschnitt beschreibt detailliert die verfügbaren Sicherheitsanwendungen, technischen Einzelheiten und Einsatzszenarien. (Copy of the Vendor Homepage: https://www.astaro.com/de-de/produkte/hardware-appliance/astaro-security-gateway-625) Abstract: ========= The vulnerability research team discovers multiple input validation vulnerabilities on Astaros Security Web Gateway v7.504. Report-Timeline: ================ 2011-01-13: Verified by Vulnerability-Lab 2011-06-15: Secure Vendor Notification 2011-11-17: Vendor Reply/Feedback 2012-03-09: Fix/Patch by Vulnerability Lab Check 2012-04-08: Discovery by Vulnerability-Lab Status: ======== Published Affected Products: ================== Exploitation-Technique: ======================= Remote Severity: ========= Medium Details: ======== Multiple persistent Input Validation Vulnerabilities are detected on the Astaros Security Gateway application(appliance). The vulnerability allows a local low privileged user account or remote attacker with medium required user inter action to manipulate module contexts on application-side. Result of successful exploitation is session hijacking, phishing & stable context manipulation or client side target exploitation out of the gateway web application context. Vulnerable Module(s): ---- Management -- System Settings (Time&Date | Shell Access) ---- Users -- New User -- New Group -- Authentication / New Server ---- Definitions -- New Interface -- Comment Static Route -- OSPF Interface Settings -- View/Edit Traffic Selector -- New PIM-SM Interface -- New Rendezvous Point Router -- Uplink Monitoring ---- Network -- New Network & Listing -- New Service Definition -- New Time Event Definition Affected: Astaro Security Web Gateway v7.504 Astaro Security Web Gateway v8.x | 2011 Q1-4 - 110, 120, 220, 320, 425, 525 & 625 Pictures: ../1.png ../2.png ../3.png ../4.png ../5.png Proof of Concept: ================= The vulnerabilities can be exploited by local attackers with restricted accounts or with medium user inter-action on the remote way. For demonstration or reproduce ... Code Review: Users - User Listing