CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
75.5%
ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) - CVE-2015-2849
The ppli
URL parameter of the main.ant
page is vulnerable to SQL injection. A remote attacker can perform arbitrary queries on the underlying database. According to ANTLabs, only https
connections are vulnerable to this attack.
CWE-79**: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) -**CVE-2015-2850
A reflected cross-site scripting vulnerability also exists in the msg
URL parameter of the index-login.ant
page.
Affected models include the following:
* InnGate 3.01 E-Series
* InnGate 3.10 E-Series
* InnGate 3.10 M-Series
* IG3100
* SG 4
* SSG 4
A remote attacker may be able exploit CVE-2015-2849 to execute arbitrary queries on the backend datastore.
A remote attacker may be able to exploit CVE-2015-2850 to obtain user credentials to the administrator panel if a user can be enticed to click an XSS-injected link.
Apply an update
ANTLabs has released a firmware update addressing these issues for affected models. All affected users are encouraged to update as soon as possible. The update is available on the ANTlabs customer portal or via the system update mechanism.
485324
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 20, 2015 Updated: July 06, 2015
Statement Date: May 27, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.8 | AV:A/AC:L/Au:N/C:C/I:C/A:N |
Temporal | 6.1 | E:POC/RL:OF/RC:C |
Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Devesh Logendran for reporting these vulnerabilities.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-2849, CVE-2015-2850 |
---|---|
Date Public: | 2015-07-06 Date First Published: |