Cisco Secure Access Control Server (ACS) CSUserCGI.exe Help Facility XSS

medium Nessus Plugin ID 33945

Synopsis

The remote web server hosts a CGI script that is affected by multiple cross-site scripting vulnerabilities.

Description

Multiple cross-site scripting (XSS) vulnerabilities exist in the 'securecgi-bin/CSuserCGI.exe' CGI included with User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine.

A remote attacker may be able to leverage these vulnerabilities to inject arbitrary JavaScript or HTML into a user's browser via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Solution

Upgrade to UCP Version 4.2 or later.

See Also

http://www.nessus.org/u?578e73a1

https://www.securityfocus.com/archive/1/489463/30/0/threaded

http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml

Plugin Details

Severity: Medium

ID: 33945

File Name: cisco_acs_ucp_xss.nbin

Version: 1.92

Type: remote

Published: 8/19/2008

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2008-0533

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/12/2008

Vulnerability Publication Date: 3/12/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-0533

BID: 28222

CWE: 79

IAVB: 2008-B-0025-S