CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS
Percentile | 52.2% |
The ForeScout CounterACT appliance contains reflected cross-site scripting (XSS) vulnerabilities.
The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities (CWE-79). The following are a couple of examples:
hxxp://xxx.xxx.xxx.xxx/status?username=test"><script>alert(1);</script>
hxxp://xxx.xxx.xxx.xxx/status?action=4362907358160917120&forgotpass=true&loginname=test<script>alert(1);</script>
Additional details may be found in ForeScout Security Advisory 12-01. (Login Required)
A remote attacker may, by luring a user into clicking a malicious URL, be able to disclose sensitive information, steal user cookies, or escalate privileges.
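For reviewing web or proxy logs while the hotfixes are rolled out, the following added example (not part of the advisory and not ForeScout code) flags requests to /status whose username or loginname value decodes to markup characters, as in the two example URLs. The Common Log Format lines, the client addresses and the repeated percent-decoding step are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory's example URLs show being reflected by /status.
REFLECTED_PARAMS = {"username", "loginname"}
# Characters needed to close an attribute or open a tag, as in those examples.
MARKUP = re.compile(r"[<>\"']")
# Request field of a Common Log Format line (assumed log format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Jun/2012:10:01:02 +0000] "GET /status?username=test%22%3E%3Cscript%3Ealert(1)%3B%3C/script%3E HTTP/1.1" 200 5120
198.51.100.7 - - [07/Jun/2012:10:01:09 +0000] "GET /status?action=1&forgotpass=true&loginname=test%253Cscript%253Ealert(1)%253B%253C/script%253E HTTP/1.1" 200 4988
192.0.2.15 - - [07/Jun/2012:10:02:30 +0000] "GET /status?username=alice HTTP/1.1" 200 4301
192.0.2.15 - - [07/Jun/2012:10:02:31 +0000] "GET /help?q=%3Cb%3E HTTP/1.1" 200 812
"""

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return [(line_number, client, param, decoded_value)] for suspicious /status requests."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        if parts.path != "/status":
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(value)  # parse_qsl has already decoded once
            if name in REFLECTED_PARAMS and MARKUP.search(value):
                findings.append((number, line.split()[0], name, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit shows only that a crafted link was requested; whether the appliance reflected the value depends on whether the relevant hotfix was installed at that time.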
Apply an Update
* CounterACT 6.3.3.2 install Hotfix 4.12050
* CounterACT 6.3.4.0 install Hotfix 10.0
* CounterACT 6.3.4.1 install Hotfix 6.0
* CounterACT 6.3.4.10 install Hotfix 1.0
815532
Notified: May 02, 2012 Updated: June 07, 2012
Affected
ForeScout Technologies would like to thank Travis Lee and the CERT-CC for reporting and responsible disclosure of this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Temporal | 3.4 | E:POC/RL:OF/RC:C |
Environmental | 3.4 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Thanks to Travis Lee for reporting this vulnerability.
This document was written by Jared Allar.
CVE IDs: | CVE-2012-1825 |
---|---|
Date Public: | 2012-06-07 Date First Published: |