Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)

Publication Date: 06 Jul 2015

Description

SQL Injection Vulnerability
A vulnerability which allows user to perform queries on the underlying datastore via ppli URL parameter of the default login page main.ant; CVE-2015-2849

Cross-Site Scripting Vulnerability
A reflected cross-site scripting vulnerability exists in the msg URL parameter of the admin login page index-login.ant; CVE-2015-2850

Impact

A remote attacker may be able to exploit CVE-2015-2849 to execute arbitrary queries on the backend datastore.

A remote attacker may be able to exploit CVE-2015-2850 to obtain user credentials to the admin panel by crafting a XSS injected bait (which is either an email or link from another website) and tricking the user to access the admin panel via the bait.

Status

The SQL Injection and Cross Site Scripting vulnerabilities are classified as ‘CVE-2015-2849’ and ‘CVE-2015-2850’ respectively by CERT.

Affected gateway products are:

  • IG 3100 model 3100, model 3101
  • InnGate 3.00 E-Series, 3.01 E-Series, 3.02 E-Series, 3.10 E-Series
  • InnGate 3.01 G-Series, 3.10 G-Series
  • SSG 4
  • SG 4

Recommended Action

If your product is listed as the affected gateways above, you can eliminate this vulnerability by applying the latest patches.

You may download the latest patches from our online patching system, please follow the following instructions:

InnGate 3 gateways patched below Patch #43 : Kindly register or login to ANTlabs Support Portal, download and manually apply patches up to level 43 in Admin GUI (Admin GUI > System > Maintenance > Patch). Continue applying patches to the latest level through Online Patching.

Patches for manual upload can be downloaded from: ANTlabs Website > Support > Patches > InnGate 3.

IG 3100 and InnGate 3 Gateway Patches #43 and above: The patches can be downloaded through Online Patching (Admin GUI > System > Maintenance > Patch). From the patch list, click button “Check for Updates”, “Download all” and “Install Next Patch” up to the latest level.

SG 4: The patches can be downloaded through Online Patching (Admin GUI > System > Maintenance > Patch). From the patch list, click button “Check for Updates”, “Download all” and “Install Next Patch” up to the latest level.

Any issues, please contact our support at tech-support@antlabs.com.

Acknowledgments

ANTlabs would like to acknowledge Devesh Logendran and CERT(R) Coordination Center team for bringing this issue to our attention, and for following the highest standards of responsible disclosure.