cbcvebase.
CVE-2024-3378
published 2024-04-06

CVE-2024-3378: A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality…

PriorityP279medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
22.00%
97.4th percentile
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.

Affected

3 ranges
VendorProductVersion rangeFixed in
ibosssecure_web_gateway< 10.2.0.16010.2.0.160
ibosssecure_web_gateway
ibosssecure_web_gateway

Detection & IOCsextracted from sources · hover to see the quote

path/login
path/user_login_submit
otheriboss-font.css
commanduserName={{rand_base(10)}}&x={{rand_base(10)}}&action=login&redirectUrl=
  • Probe for XSS by sending a POST to /user_login_submit with a crafted redirectUrl parameter, then issue a GET to /login and check the response body for the injected payload reflected back (e.g. contains '"' and 'iboss,')
  • Fingerprint iboss Secure Web Gateway instances via the presence of 'iboss-font.css' in the HTML body (Shodan, FOFA, Google dork)
  • The attack vector is the redirectUrl parameter in the login portal; monitor or WAF-block requests to /login and /user_login_submit where redirectUrl contains script injection payloads
  • ·The Nuclei template uses a two-step flow: first POST to /user_login_submit to trigger the login failure, then GET /login to observe the reflected payload. Both steps must succeed (internal matcher on step 1) before the XSS check on step 2 is evaluated.
  • ·The template is tagged 'intrusive' — running it against a target will generate actual failed login attempts and may trigger account lockout or security alerting on the target system.
  • ·Vulnerability only affects iboss Secure Web Gateway up to version 10.1; version 10.2.0.160 and later are patched.

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.