CVE-2019-18663: SQL-Injection in ARP-GUARD

CVE, CVE-2019-18663: SQL-Injection in ARP-GUARD

Overview

  • Vendor: ISL Internet Sicherheitslösungen GmbH
  • Product: ARP-GUARD
  • Version: 4.0.0-5
  • Vulnerability: SQL-Injection
  • Fixed Version: 4.0.0-7

Background

ARP-GUARD is a Network Access Control Solution to protect company networks against from unauthorised access. It identify allowed devices via their MAC address or certificates (802.1X).

From the vendor’s website: “ARP-GUARD makes sure that users don’t use any unauthorised notebooks, smartphones or even wireless access points. Our software solution protects your IT infrastructure from malware-infected external devices and your intellectual property from unauthorised access! Our security solution provides reliable protection against unauthorised access to the internal LAN and WLAN, as well as the Internet. With ARP-GUARD, only authorized devices are granted access to your network!”

Issue Description

While analyzing the implementation of the ARP-GUARD web interface, one SQL-Injection vulnerability has been identified, which can be exploited in order to read dump all database data, also the username and passwords for the web application. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Please consider the following HTTP request:

HTTP-Request

It was possible to extract the admin password for the web application via the time-based SQL-Injection.

CVE

CVE-2019-18663

CVSSv3 Base Score

CVSS Base Score: 8.1

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Disclaimer

The information provided is released “as is” without warranty of any kind. The publisher disclaims all warranties, either express or implied, including all warranties of merchantability. No responsibility is taken for the correctness of this information. In no event shall the publisher be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the publisher has been advised of the possibility of such damages.

The contents of this advisory are copyright (c) 2019 SVA System Vertrieb Alexander GmbH and may be distributed freely provided that no fee is charged for this distribution and proper credit is given.

Co Author:

Pascal Keul

War dieser Artikel für Sie interessant?