@alm4ric
Last active November 14, 2019 11:52
[Suggested description]
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated inline-query SQL injection within the timeDataDynamicColumn parameter when logged in as an admin user.
[Additional Information]
I can share the report - containing the technical details and proof of the vulnerability - which I reported to Untangle. If needed, please let me know via PGP e-mail.
[Vulnerability Type]
SQL Injection
[Vendor of Product]
Untangle
[Affected Product Code Base]
NG firewall - 14.2.0
[Affected Component]
affected function
[Attack Type]
Remote
[Impact Code execution]
true
[Impact Information Disclosure]
true
[Attack Vectors]
To exploit the vulnerability, an attacker who is logged in as an admin user can trigger an inline-query SQL injection within the timeDataDynamicColumn parameter.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://www.untangle.com/untangle-ng-firewall/resources/release/
Use CVE-2019-18646.
[Suggested description]
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user.
[Additional Information]
I can share the report - containing the technical details and proof of the vulnerability - which I reported to Untangle. If needed, please let me know via PGP e-mail.
[VulnerabilityType Other]
Command Injection
[Vendor of Product]
Untangle
[Affected Product Code Base]
NG firewall - 14.2.0
[Affected Component]
affected function
[Attack Type]
Remote
[Impact Code execution]
true
[Impact Denial of Service]
true
[Impact Escalation of Privileges]
true
[Impact Information Disclosure]
true
[Attack Vectors]
To exploit the vulnerability, an attacker who has admin credentials can execute OS commands in the context of this logged-in user.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://www.untangle.com/untangle-ng-firewall/resources/release/
Use CVE-2019-18647.
[Suggested description]
The Untangle NG firewall 14.2.0 is vulnerable to reflected XSS in multiple places and in specific user input fields when the attacker is logged in as an admin user.
[Additional Information]
I can share the report - containing the technical details and proof of the vulnerability - which I reported to Untangle. If needed, please let me know via PGP e-mail.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
Untangle
[Affected Product Code Base]
NG firewall - 14.2.0
[Affected Component]
affected function
[Attack Type]
Remote
[Impact Code execution]
true
[Attack Vectors]
To exploit the vulnerability, an attacker who is logged in as an (admin) user can trigger a reflected XSS.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://www.untangle.com/untangle-ng-firewall/resources/release/
Use CVE-2019-18648.
[Suggested description]
The Title input field (under Reports) in Untangle NG firewall 14.2.0 is vulnerable to stored XSS when the attacker is logged in as an admin user.
[Additional Information]
I can share the report - containing the technical details and proof of the vulnerability - which I reported to Untangle. If needed, please let me know via PGP e-mail.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
Untangle
[Affected Product Code Base]
NG firewall - 14.2.0
[Affected Component]
affected function
[Attack Type]
Remote
[Impact Code execution]
true
[Attack Vectors]
To exploit the vulnerability, an attacker who is logged in as an (admin) user can add and save a malicious JavaScript payload, thus leading to stored XSS.
[Has vendor confirmed or acknowledged the vulnerability?]
true
[Reference]
https://www.untangle.com/untangle-ng-firewall/resources/release/
Use CVE-2019-18649.