Enterasys: SecureStack Switch v6 Multiple Vulnerabilities
The Enterasys C5 is a scalable, high-performance Gigabit Ethernet switch offering support for IEEE 802.3at
compliant high-power PoE, flexible 10 Gigabit Ethernet options, dynamic IPv4 and IPv6 routing and enhanced
automation capabilities to provide for a future-proofed solution that significantly reduces operational
expenses for customers.
Multiple persistent input validation vulnerabilities were detected in Enterasys SecureStack Switches Series A – C.
Local low-privileged user accounts can inject malicious script code to manipulate modules via persistent context
requests. When exploited by an authenticated user, the identified vulnerabilities can result in information disclosure via error,
session hijacking, access to available appliance services, and manipulated persistent content execution out of the application context.
The vulnerabilities can be exploited by remote attackers with low required user interaction. For demonstration or reproduce …
Exploitation via Console:
Command#1: set vlan name 1337 <script>alert(document.cookie)</script>
Command#2: set system name http://www.vulnerability-lab.com>
Command#3: set system location "><iframe src=a onload=alert("VL") <
Command#4: set system contact <script>alert('VL')</script>
The security risk of the persistent input validation vulnerabilities is estimated as high.
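For administrators reviewing affected switches, the following added example (not part of the original advisory and not vendor code) audits a saved configuration for the four console-set fields shown above and flags stored values containing HTML markup characters. It assumes the configuration is available as plain text with one `set ...` command per line; the function name `audit_config` and the sample export are constructed for illustration.

```python
import html
import re

# Fields the advisory shows being set from the console and later rendered
# by the web interface: vlan name, system name, location and contact.
FIELD_RE = re.compile(
    r"^\s*set\s+(?:(vlan)\s+name\s+(\d+)|(system)\s+(name|location|contact))\s+(.*)$",
    re.IGNORECASE,
)
# Characters that let a stored value break out of HTML text or attributes.
# Legitimate values with quotes or apostrophes are flagged too, for review.
MARKUP_RE = re.compile(r"[<>\"'`]")


def audit_config(text):
    """Return findings for stored values that contain HTML markup characters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FIELD_RE.match(line)
        if not m:
            continue
        if m.group(1):
            field = f"vlan {m.group(2)} name"
        else:
            field = f"system {m.group(4).lower()}"
        value = m.group(5).strip()
        if MARKUP_RE.search(value):
            findings.append({
                "line": lineno,
                "field": field,
                "value": value,
                # What an output-encoding web interface should emit instead.
                "escaped": html.escape(value, quote=True),
            })
    return findings


# Constructed sample export (assumed format, not captured from a real device).
SAMPLE = """\
set system name core-sw-01
set system location Rack 12, Room B
set system contact <script>alert('VL')</script>
set vlan name 10 users
set vlan name 1337 <script>alert(document.cookie)</script>
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE):
        print(f"line {f['line']}: {f['field']} -> {f['escaped']}")
```
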
Vulnerability Laboratory Researcher – Julien Ahrens (MrTuxracer) [www.inshell.net]