Zero-Day Advisory

Fortinet Discovers Infoblox NetMRI configuration_management XSS Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in Infoblox NetMRI.
Infoblox is a network controller company. The company provides network automation and domain name system (DNS) security through appliance-based solutions that enable and secure dynamic networks and data centers. It offers four product families: core network services, infrastructure security, cloud network automation, and network change and configuration management.
Infoblox NetMRI provides automatic network discovery, switch port management, network change automation, and continuous security policy and configuration compliance management for multi-vendor routers, switches, and other layer-2 and layer-3 network devices. NetMRI is the only platform that supports traditional and virtual network constructs for multi-vendor network automation.
A cross-site scripting (XSS) vulnerability has been discovered in Infoblox NetMRI. The vulnerability exists because user-supplied data in HTTP requests sent to "configuration_management" is insufficiently sanitized, so remote attackers can exploit it to launch an XSS attack. Successful exploitation of this vulnerability would allow injection and execution of arbitrary HTML and script code in the target user's browser, in the security context of the affected Infoblox NetMRI.
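The defect class described above, reduced to its essentials as an added illustration (this is not Infoblox NetMRI code; the handler, the "device" parameter and the page markup are assumptions): a page built from an HTTP request parameter without escaping, next to the hardened form, plus a small check a reviewer or tester can run to tell the two apart.

```python
# Added example, not Infoblox NetMRI code. Models a hypothetical
# "configuration_management" page handler that reflects a request
# parameter into HTML; parameter and markup are assumptions.
from html import escape
from urllib.parse import parse_qs


def render_vulnerable(query_string: str) -> str:
    """Before: the 'device' parameter is written into the page verbatim."""
    params = parse_qs(query_string)
    device = params.get("device", [""])[0]
    # Two output contexts: HTML text in <h1>, attribute value in <input>.
    return f'<h1>Configuration for {device}</h1><input value="{device}">'


def render_hardened(query_string: str) -> str:
    """After: escape once for HTML; quote=True also covers attribute values."""
    params = parse_qs(query_string)
    device = escape(params.get("device", [""])[0], quote=True)
    return f'<h1>Configuration for {device}</h1><input value="{device}">'


def contains_unescaped_markup(rendered: str, supplied: str) -> bool:
    """Defender check: markup-significant characters from the request
    appear unchanged in the response, i.e. the parameter was reflected raw."""
    significant = any(c in supplied for c in '<>"\'')
    return significant and supplied in rendered


# Constructed sample request: a device name carrying markup characters,
# as a tester would submit to confirm the reflection.
SAMPLE_DEVICE = 'core-sw1"><b>x</b>'
SAMPLE_QS = "device=" + SAMPLE_DEVICE


if __name__ == "__main__":
    print("vulnerable reflects raw markup:",
          contains_unescaped_markup(render_vulnerable(SAMPLE_QS), SAMPLE_DEVICE))
    print("hardened reflects raw markup:",
          contains_unescaped_markup(render_hardened(SAMPLE_QS), SAMPLE_DEVICE))
```

The escaping must match the output context; `html.escape` is correct for HTML text and quoted attributes, but a value placed inside a script block or a URL needs its own encoder, which is why a single "sanitize" pass at the input side is not enough.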

Solutions

FortiGuard Labs released the following FortiGate IPS signature, which covers this specific vulnerability:

Infoblox.NetMRI.Configuration.Management.XSS
Released Mar 09, 2015
Users should apply the solution provided by Infoblox.

Acknowledgement

This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.