CVE-2014-3738

medium
Published 2014-05-20 · Modified 2026-05-06
CVSS v3
-
CVSS v4
-
not yet in upstream
VIR risk
5.3

Description

Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.

Predictions

Exploit likelihood
20%
Patch ETA
-

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-34165 webapps multiple text · 2 KB
Dolev Farhi · 2014-07-25

Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting

text exploit Source: Exploit-DB
# Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system
# Date: 12/05/2014
# Exploit author: Dolev Farhi dolev(at)openflare.org
# Vendor homepage: http://zenoss.com
# Software Link: http://www.zenoss.com
# Version: Core 4.2.5-2108 64bit
# Tested on: Kali Linux
# Vendor alerted: 12/05/2014
# CVE-2014-3738

Software details:
==================

Zenoss (Zenoss Core) is a free and open-source application, server, and network management platform based on the Zope application server.

Released under the GNU General Public License (GPL) version 2, Zenoss Core provides a web interface that allows system administrators to monitor availability, inventory/configuration, performance, and events.



Vulnerability details: Stored XSS Vulnerability
========================

A persistent XSS vulnerability was found in Zenoss Core. By creating a malicious host with the Title <script>alert("Xss")</script>, any user browsing to the relevant manufacturers page will get a client-side script executed immediately.





Proof of Concept:
1. Create a device with the Title <script>alert("XSS")</script>
2. Navigate to the Infrastructure -> Manufacturers page.
3. Pick the name of the manufacturer of the device, e.g. Intel
4. Select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
5. The XSS executes.

<tr class="even">

       <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("Dolev")</script></a></td>

       <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>

</tr>
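
An added example, not taken from Zenoss or from the advisory: the table row above built with the device title inserted verbatim and again with HTML output encoding, plus an audit check that flags stored titles containing markup characters. The function names, the `db01` record and the row template are constructed for illustration; Zenoss's own template code is not shown on this page.

```python
import html
import re

# Constructed inventory records; the second title is the advisory's test string.
DEVICES = [
    {"title": "db01.example.net",
     "href": "/zport/dmd/Devices/Server/Linux/devices/db01/devicedetail"},
    {"title": '<script>alert("XSS")</script>',
     "href": "/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail"},
]
PRODUCT = "GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz"

# Hypothetical row template modelled on the HTML shown in the advisory.
ROW = ("<tr class=\"even\">"
       "<td class=\"tablevalues\"><a href='{href}'>{title}</a></td>"
       "<td class=\"tablevalues\">{product}</td></tr>")

# Characters that change meaning in HTML text or attribute context.
MARKUP_CHARS = re.compile(r"[<>&\"']")


def render_row_raw(device, product):
    """Row as the advisory's output shows it: stored title inserted verbatim."""
    return ROW.format(href=device["href"], title=device["title"], product=product)


def render_row_encoded(device, product):
    """Same row with every stored value HTML-encoded at output time."""
    return ROW.format(
        href=html.escape(device["href"], quote=True),   # also encodes ' and "
        title=html.escape(device["title"], quote=True),
        product=html.escape(product, quote=True),
    )


def titles_needing_review(devices):
    """Audit helper: stored titles that contain HTML-significant characters."""
    return [d["title"] for d in devices if MARKUP_CHARS.search(d["title"])]


if __name__ == "__main__":
    for dev in DEVICES:
        print(render_row_encoded(dev, PRODUCT))
    print("review:", titles_needing_review(DEVICES))
```

Encoding at output time protects every page that renders the title, while the audit helper finds records already stored before the fix.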

Application impact

Vendor | Product | Versions | Fixed
zenoss | zenoss | 4.2.5 |

References

CWEs

CWE-79
