by RSS Aamir Lakhani  |  Nov 12, 2015  |  Filed in: Security Research

Overview

Infoblox is a network controller company that provides network automation and domain name system (DNS) security through appliance-based solutions. These products enable and secure dynamic network and data center infrastructures. It offers four product families: core network services, infrastructure security, cloud network automation and network change, and configuration management.

Infoblox NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices.

FortiGuard Labs has discovered two cross-site scripting (XSS) vulnerabilities in Infoblox NetMRI. The vulnerabilities exist due to insufficiently sanitizing user-supplied data in HTTP requests sent to “configuration_management” and “netmri_help.tdf”, allowing remote attackers to exploit them and launch XSS attacks. Successful exploitation against these vulnerabilities would allow injection and execution of arbitrary HTML and script code in the target user's browser in the security context of the affected Infoblox NetMRI. While authentication is required to exploit the vulnerabilities, NetMRI’s role in the network makes them of significant concern.

Analysis

The first vulnerability exists due to insufficiently sanitizing user-supplied data to the parameter “navigate_to”. We were able to craft an input for the value of the parameter “navigate_to” that terminates the original code line which refers to the value of the parameter “navigate_to” and comments out the rest of the original code line. As a result, the injected code becomes a valid code line which can be automatically executed by the web browser.

The second vulnerability exists due to insufficiently sanitizing user-supplied data to the parameter “helpId”. This vulnerability also allows a crafted parameter to terminate the original code line, making the injected code a valid code line which can be automatically executed by the web browser.

Mitigation

Users of InfoBlox NetMRI prior to version 7.02 should upgrade to the latest version of NetMRI.

Networks and users who have deployed Fortinet IPS are automatically protected from these vulnerabilities by IPS Signatures Infoblox.NetMRI.help.XSS and Infoblox.NetMRI.Configuration.Management.XSS.

Thanks to Fortinet’s FortiGuard Labs for discovering these vulnerabilities.

http://www.fortiguard.com/advisory/fortinet-discovers-infoblox-netmri-netmri-help-xss-vulnerability

http://www.fortiguard.com/advisory/fortinet-discovers-infoblox-netmri-configuration-management-xss-vulnerability

by RSS Aamir Lakhani  |  Nov 12, 2015  |  Filed in: Security Research