The company addressed the issues around one month after being notified
Security experts from Vulnerability Lab have identified a couple of flaws in nCircle's PureCloud vulnerability scanner, a cloud-based solution that allows organizations to identify weak points in their networks before they can be leveraged by cybercriminals. An attacker can exploit the security holes to inject malicious script code into the vulnerable module.
The persistent cross-site scripting (XSS) vulnerability was identified in the "Scan Now > Scan Type > Perimeter Scan > Scan" section when a request is processed via the "Scan Specific Devices - [Add Devices]" module.
"The persistent injected script code will be executed out of the `invalid networks` web application exception-handling. To bypass the standard validation of the application filter the attacker needs to provoke the specific invalid networks exception-handling error," reads the advisory sent by Vulnerability Lab to Softpedia.
"In the second step, the attacker splits the request of the invalid filter context to execute the not parsed malicious script code after it. The vulnerability can be exploited on the client side via a force-manipulated link as a malicious request with medium user interaction, but also via the server side by a post injection in the later affected add server listing module."
The second vulnerability is connected to the first one and is located in the "IP & Name" output listing of the scan index after a network, a server or an IP has been added.
“The code will be executed out of the main IP & name listing after an evil inject via add module. To bypass the IP restriction filter it is required to split the request like in the first issue with a valid IP,” the advisory reads.
“The remote attacker includes a valid IP+split( )`+own_scrIPtcode to pass through the system validation filter and execute the script code out of the device name and IP listing.”
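Both issues come down to the same root cause: a value that fails the network/IP filter is reflected into an HTML error message, and a value that slips past the filter is stored and later rendered in the "IP & Name" listing, in both cases without output encoding. The snippet below is an added illustration written for this article, not code from nCircle, PureCloud or the Vulnerability Lab advisory. It shows a weak error renderer next to a hardened one, strict parsing of scan targets with Python's `ipaddress` module, and escaping on the stored listing as well. The function names, the `invalid networks` message layout and the sample input string are constructed assumptions for the example.

```python
import html
import ipaddress

# Constructed sample: a scan target carrying markup after an otherwise valid IP.
INJECTED = '10.0.0.1"<script>x</script>'


def parse_target(raw: str) -> str:
    """Strictly parse one scan target as an IP address or a CIDR network.

    Anything that is not syntactically a valid address/network is rejected,
    so a value with trailing markup never reaches storage or the listing.
    """
    value = raw.strip()
    try:
        if "/" in value:
            return str(ipaddress.ip_network(value, strict=False))
        return str(ipaddress.ip_address(value))
    except ValueError as exc:
        raise ValueError("invalid network") from exc


def is_valid_target(raw: str) -> bool:
    """Convenience predicate around parse_target()."""
    try:
        parse_target(raw)
        return True
    except ValueError:
        return False


def render_invalid_networks_unsafe(raw: str) -> str:
    # Weak pattern (the class of bug described above): the rejected input is
    # reflected verbatim into the exception-handling message, so any markup
    # it contains is interpreted by the browser.
    return f"<div class='error'>invalid networks: {raw}</div>"


def render_invalid_networks_safe(raw: str) -> str:
    # Hardened: escape before reflecting. quote=True also neutralises the
    # value inside attribute context, not only in text nodes.
    escaped = html.escape(raw, quote=True)
    return f"<div class='error'>invalid networks: {escaped}</div>"


def add_devices(listing: list, raw_inputs: list) -> tuple:
    """Validate each submitted target for the [Add Devices] step.

    Accepted targets are stored in their normalised form; rejected ones are
    returned as escaped error lines and never enter the listing.
    """
    errors = []
    for raw in raw_inputs:
        try:
            listing.append(parse_target(raw))
        except ValueError:
            errors.append(render_invalid_networks_safe(raw))
    return listing, errors


def render_listing(listing: list) -> str:
    # Defense in depth: even stored, already-validated values are encoded
    # when the "IP & Name" listing is rendered.
    return "".join(f"<li>{html.escape(ip, quote=True)}</li>" for ip in listing)


if __name__ == "__main__":
    devices, errs = add_devices([], ["10.0.0.1", "192.168.1.0/24", INJECTED])
    print("stored:", devices)
    print("unsafe:", render_invalid_networks_unsafe(INJECTED))
    print("safe:  ", errs[0])
    print("listing:", render_listing(devices))
```

Strict parsing alone is not enough, because the rejected value is still shown back to the user in the error path; the two measures together (validate on input, encode on every output) are what close both the reflected and the stored variant.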
The vulnerabilities were reported to nCircle on December 24, 2012, and a patch was released on January 28.
A detailed proof-of-concept for the vulnerabilities is available here.