CVE-2022-29152
Description
The Ericom PowerTerm WebConnect login portal unsafely writes values from the 'AppPortal' cookie into the page source, permitting arbitrary JavaScript execution.
Impact
Portal credentials can be captured via cross-site scripting.
Exploitability
To persist the login form fields, the Ericom portal sets the 'AppPortal' cookie and populates it with POST data from the last failed login attempt. Because of that behavior, a malicious cookie can be set from an attacker-controlled domain by using cross-site request forgery to submit a failed login request. If a victim views an attacker's webpage a single time, an attacker can trigger an exploit chain that may result in the theft of Active Directory credentials.
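Added example (not Ericom's code and not part of the original advisory): one way a portal could break both links of the chain described above, by encoding cookie-derived values at the point they are written into the login form and by refusing login POSTs submitted from another origin. The cookie layout, field names and function names are assumptions made for illustration.

```javascript
// Hypothetical names and cookie layout; illustrative only.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for use inside a quoted HTML attribute or element text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed layout: the cookie holds URL-encoded name=value pairs joined by '&'.
function parseFormCookie(raw) {
  const fields = Object.create(null);
  for (const pair of String(raw || '').split('&')) {
    const idx = pair.indexOf('=');
    if (idx <= 0) continue; // skip empty or nameless entries
    try {
      fields[decodeURIComponent(pair.slice(0, idx))] = decodeURIComponent(pair.slice(idx + 1));
    } catch (e) { /* malformed percent-encoding: drop the field */ }
  }
  return fields;
}

// Restore only allow-listed fields, and encode every value at the point of output.
const RESTORABLE = ['username', 'domain'];
function renderLoginFields(rawCookie) {
  const fields = parseFormCookie(rawCookie);
  return RESTORABLE.map((name) =>
    `<input name="${name}" value="${escapeHtml(fields[name] ?? '')}">`
  ).join('\n');
}

// Accept a login POST only when Origin (or, failing that, Referer) matches the
// portal's own origin, so another site cannot submit the failed login that
// seeds the cookie. Requests carrying neither header are refused.
function isSameOriginLogin(headers, portalOrigin) {
  if (headers['origin']) return headers['origin'] === portalOrigin;
  if (!headers['referer']) return false;
  try { return new URL(headers['referer']).origin === portalOrigin; } catch (e) { return false; }
}

// Constructed sample cookie value containing markup characters.
const SAMPLE_COOKIE = 'username=' + encodeURIComponent('alice"><b>x</b>') + '&domain=CORP';
```

Encoding at output is the fix for the injection itself; the origin check only removes the cross-site route for planting the cookie and does not replace it.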
CVE Reference
CVE-2022-29152
Resolution
The vendor has not responded to responsible disclosure.
Discovery Credits
Ryan Emmons - CBI
Disclosure Timeline
- 2 April 2022 - A ticket was created with the vendor and an autoreply was received.
- 15 April 2022 - No follow-up from the vendor after two weeks, so the issue is being publicly disclosed.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29152