Skip to content

Latest commit

 

History

History
26 lines (18 loc) · 1.16 KB

CVE-2022-29152.md

File metadata and controls

26 lines (18 loc) · 1.16 KB

CVE-2022-29152

Description

The Ericom PowerTerm WebConnect login portal unsafely writes values from the 'AppPortal' cookie into the page source, permitting arbitrary Javascript execution.

Impact

Portal credentials can be captured via cross-site scripting.

Exploitability

To persist the login form fields, the Ericom portal sets the 'AppPortal' cookie and populates it with POST data from the last failed login attempt. Because of that behavior, a malicious cookie can be set from an attacker-controlled domain by using cross-site request forgery to submit a failed login request. If a victim views an attacker's webpage a single time, an attacker can trigger an exploit chain that may result in the theft of Active Directory credentials.

CVE Reference

CVE-2022-29152

Resolution

The vendor has not responded to responsible disclosure.

Discovery Credits

Ryan Emmons - CBI

Disclosure Timeline

  • 2 April 2022 - A ticket was created with the vendor and an autoreply was received.
  • 15 April 2022 - No follow-up from the vendor after two weeks, so the issue is being publicly disclosed.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29152