CVE-2024-3378
published 2024-04-06CVE-2024-3378: A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality…
PriorityP279medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
22.00%
97.4th percentile
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| iboss | secure_web_gateway | < 10.2.0.160 | 10.2.0.160 |
| iboss | secure_web_gateway | — | — |
| iboss | secure_web_gateway | — | — |
Detection & IOCsextracted from sources · hover to see the quote
path/user_login_submit
otheriboss-font.css
commanduserName={{rand_base(10)}}&x={{rand_base(10)}}&action=login&redirectUrl=
- →Probe for XSS by sending a POST to /user_login_submit with a crafted redirectUrl parameter, then issue a GET to /login and check the response body for the injected payload reflected back (e.g. contains '"' and 'iboss,')
- →Fingerprint iboss Secure Web Gateway instances via the presence of 'iboss-font.css' in the HTML body (Shodan, FOFA, Google dork)
- →The attack vector is the redirectUrl parameter in the login portal; monitor or WAF-block requests to /login and /user_login_submit where redirectUrl contains script injection payloads ↗
- ·The Nuclei template uses a two-step flow: first POST to /user_login_submit to trigger the login failure, then GET /login to observe the reflected payload. Both steps must succeed (internal matcher on step 1) before the XSS check on step 2 is evaluated.
- ·The template is tagged 'intrusive' — running it against a target will generate actual failed login attempts and may trigger account lockout or security alerting on the target system.
- ·Vulnerability only affects iboss Secure Web Gateway up to version 10.1; version 10.2.0.160 and later are patched. ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3mg8-g497-8859: A vulnerability has been found in iboss Secure Web Gateway up to 10
ghsa_unreviewed·2024-04-06
CVE-2024-3378 [MEDIUM] CWE-79 GHSA-3mg8-g497-8859: A vulnerability has been found in iboss Secure Web Gateway up to 10
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.
VulnCheck
iboss secure_web_gateway Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2024·CVSS 4.3
CVE-2024-3378 [MEDIUM] iboss secure_web_gateway Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
iboss secure_web_gateway Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A vulnerability has been found in iboss Secure Web Gateway up to 10.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login of the component Login Portal. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.2.0.160 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259501 was assigned to this vulnerability.
Affected: iboss secure_web_gateway
Required Action: Apply remediations or mitigations per vendor instructions or discontinue
No detection rules found.
Nuclei
iboss Secure Web Gateway - Stored Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2024-3378 [MEDIUM] iboss Secure Web Gateway - Stored Cross-Site Scripting
iboss Secure Web Gateway - Stored Cross-Site Scripting
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attack can be launched remotely and the exploit has been disclosed to the public.
Template:
id: CVE-2024-3378
info:
name: iboss Secure Web Gateway - Stored Cross-Site Scripting
author: s4e-io
severity: medium
description: |
A cross-site scripting vulnerability has been found in iboss Secure Web Gateway up to version 10.1. The vulnerability affects the /login file of the Login Portal component, where manipulation of the redirectUrl parameter leads to cross-site scripting. The attac
No writeups or analysis indexed.
https://github.com/modrnProph3t/CVE/blob/main/CVE-2024-3378.mdhttps://vuldb.com/?ctiid.259501https://vuldb.com/?id.259501https://vuldb.com/?submit.310642https://github.com/modrnProph3t/CVE/blob/main/CVE-2024-3378.mdhttps://vuldb.com/?ctiid.259501https://vuldb.com/?id.259501https://vuldb.com/?submit.310642
2024-04-06
Published
Exploited in the wild