CVE-2024-28804 – Italtel i-MCS NFV

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (‘Stored Cross-site Scripting’) - CWE-79

Software Version: 12.1.0-20211215

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-28804

CVSSv3:

Severity:

Credits: Luca Carbone, Fabio Romano, Stefano Scipioni, Massimiliano Brolli

A stored cross-site scripting (XSS) vulnerability allows unauthenticated remote attackers to inject arbitrary web script or HTML via an HTTP POST parameter whose value is stored without sanitization.


Step-by-step instructions and PoC

The web application does not properly validate the parameters sent by clients before including them in the HTTP pages it returns. In particular, the web GUI is affected by the stored variant of this vulnerability. Because user input is not validated, an attacker can modify the HTML code and alter the expected execution flow. The attack can be performed without authentication.

Affected Endpoints

- URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/j_security_check
  - HTTP POST Parameter: j_username

Below is the evidence, with the vulnerability details and the payload used.

URL: https://[HOST]/[NODE-NAME]/IMCSCI-WebGui/j_security_check

Payload used to exploit the vulnerability:


The endpoint is affected by the stored variant of this vulnerability. The first step consists of replacing the value of the “j_username” POST parameter with the malicious JavaScript code. This value is stored in the application logs and an alert is generated (Authentication failure), which is displayed to authenticated users. Since alerts of this kind generate a notification on the home page, the JavaScript code is executed as soon as a user logs into the web GUI. This vulnerability is particularly critical because the attacker does not need any access to the web application in order to exploit it.
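Added example, not Italtel's code and not part of the advisory: a minimal Python model of the notification path described above, in which stored authentication-failure alerts are rendered into the home page. The vulnerable renderer interpolates the stored username verbatim; the fixed one applies contextual HTML output encoding, and a small detection helper flags stored usernames that carry markup. The alert record, the sample usernames and the HTML layout are constructed assumptions.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class AuthFailureAlert:
    """Alert created by a failed login; the username field is attacker-controlled
    because j_security_check accepts it before any authentication takes place."""
    username: str
    source_ip: str


# Constructed sample alerts (assumed record shape): one benign failure and one
# whose j_username value carries markup, as in the advisory's scenario.
SAMPLE_ALERTS = [
    AuthFailureAlert("admin", "192.0.2.10"),
    AuthFailureAlert("<script>document.title='xss'</script>", "192.0.2.77"),
]


def render_alerts_vulnerable(alerts):
    """CWE-79 pattern: the stored username reaches the HTML body unencoded,
    so the notification list executes whatever the login attempt contained."""
    items = "".join(
        f"<li>Authentication failure for user {a.username} from {a.source_ip}</li>"
        for a in alerts
    )
    return f"<ul class='alerts'>{items}</ul>"


def render_alerts_fixed(alerts):
    """Hardened form: every stored field is HTML-escaped at output time, so markup
    in the username is shown as text instead of being parsed as HTML."""
    items = "".join(
        f"<li>Authentication failure for user {html.escape(a.username, quote=True)} "
        f"from {html.escape(a.source_ip, quote=True)}</li>"
        for a in alerts
    )
    return f"<ul class='alerts'>{items}</ul>"


# Detection aid: stored usernames that contain tag delimiters, quotes,
# a javascript: scheme or an inline event handler deserve review.
MARKUP = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)


def suspicious_usernames(alerts):
    """Return the alerts whose stored username looks like injected markup."""
    return [a for a in alerts if MARKUP.search(a.username)]
```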

Security Impact

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete account takeover.