CVE-2024-31847

CVE-2024-31847 – Italtel Embrace

Vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') - CWE-79

Software Version: 1.6.4

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-31847

CVSSv3: 6.1

Severity: Medium

Credits: Luca Carbone, Fabio Romano, Federico Draghelli, Massimiliano Brolli

A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML through an HTTP GET parameter, which the application stores and later reflects into a page without sanitization.

Step-by-step instructions and PoC

The web application does not properly validate the parameters sent as input by clients before re-including them in the HTML pages it returns. In particular, the web GUI is affected by the stored variant of this vulnerability: because user input is not validated, an attacker can inject arbitrary JavaScript code, which is then rendered in the Activity Log page of the application. The attack can be performed both before and after authentication.
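The mechanism described above, as an added example that is not Italtel's or TIM's code: a constructed activity-log record keeps a request path segment verbatim, an unsafe renderer concatenates it into HTML so it becomes live markup for every viewer of the log page, and a hardened renderer entity-encodes each field at output time so the same record is shown as inert text. The entry shapes, the `renderActivityLog*` functions and the `containsForeignTags` regression check are assumptions for illustration, not the product's real API.

```javascript
// Added example (not the vendor's code): stored XSS through a log entry, and
// the output-encoding fix for the HTML element-content context.

// Minimal HTML entity encoder for element content. These five characters are
// the ones that can change the meaning of text placed inside an HTML body.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Constructed log entries (hypothetical shape): the "param" field holds the
// request path segment exactly as the client sent it, including a second
// entry whose segment contains a tag. Such a value would be stored on the
// first request and rendered to every later viewer of the log page.
const sampleLog = [
  { ts: "2024-04-01T10:00:00Z", user: "alice", action: "viewLogTrace", param: "trace-42" },
  { ts: "2024-04-01T10:01:00Z", user: "-", action: "viewLogTrace", param: '<img src=x onerror="alert(1)">' },
];

// Vulnerable rendering: the stored field is concatenated into markup as-is,
// so the tag inside the second entry is parsed as HTML by the viewer's browser.
function renderActivityLogUnsafe(entries) {
  return entries
    .map(e => `<tr><td>${e.ts}</td><td>${e.user}</td><td>${e.action}</td><td>${e.param}</td></tr>`)
    .join("\n");
}

// Hardened rendering: every field is entity-encoded at the point it is placed
// into element content, so the browser displays the stored text literally.
function renderActivityLogSafe(entries) {
  return entries
    .map(e => `<tr><td>${escapeHtml(e.ts)}</td><td>${escapeHtml(e.user)}</td>` +
              `<td>${escapeHtml(e.action)}</td><td>${escapeHtml(e.param)}</td></tr>`)
    .join("\n");
}

// Defender-side regression check: does the rendered markup contain any tag
// other than the table tags the template itself emits? If it does, some
// stored field reached the page without being encoded.
function containsForeignTags(html) {
  const allowed = new Set(["tr", "td"]);
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.has(m[1].toLowerCase())) return true;
  }
  return false;
}

console.log("unsafe renderer leaks foreign tags:", containsForeignTags(renderActivityLogUnsafe(sampleLog)));
console.log("safe renderer leaks foreign tags:  ", containsForeignTags(renderActivityLogSafe(sampleLog)));
```

The check is deliberately tied to the template's own tag set: the fix for CWE-79 is encoding at the output context, not blacklisting payload strings at input time, so the test asserts on what reaches the page rather than on what was stored.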

Below is the evidence, with the vulnerability details and the payloads used.

The payload below is only an example: the vulnerability can be exploited through any functionality that generates a log entry in the Activity Log page of the web application.

URL: https://[HOST]/[NODE-NAME]/supervoip/api/v1/logTrace/buttonViewLogTrace/[ANY-STRING]/<img%20src=x%20onerror=alert(document.cookie"))>/it

Payload used to exploit the vulnerability:

Figure 1 - Payload

Figure 2 - XSS Stored

Figure 3 - XSS Stored

Security Impact

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete account takeover.