CVE-2023-46595 - OpenCVE

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Algosec	Fireflow

Configuration 1 [-]

OR	cpe:2.3:a:algosec:fireflow:a32.20:::::::*
	cpe:2.3:a:algosec:fireflow:a32.50:::::::*
	cpe:2.3:a:algosec:fireflow:a32.60:::::::*

References

Link	Resource
https://cwe.mitre.org/data/definitions/79.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AlgoSec

Published: 2023-11-02T07:47:50.794Z

Updated: 2024-02-15T06:00:34.579Z

Reserved: 2023-10-23T10:00:57.893Z

Link: CVE-2023-46595

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-02T08:15:08.040

Modified: 2024-02-15T06:15:45.310

Link: CVE-2023-46595

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46595", "assignerOrgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "state": "PUBLISHED", "assignerShortName": "AlgoSec", "dateReserved": "2023-10-23T10:00:57.893Z", "datePublished": "2023-11-02T07:47:50.794Z", "dateUpdated": "2024-02-15T06:00:34.579Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "Linux"], "product": "Algosec FireFlow", "vendor": "Algosec", "versions": [{"status": "affected", "version": "A32.20, A32.50"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Micha\u0142 Bogdanowicz from Nordea Bank ABP (https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker <span style=\"background-color: rgb(255, 255, 255);\">to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead<span style=\"background-color: rgb(255, 255, 255);\"> to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)\n\n</span></span>"}], "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor\u00a0allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in\u00a0A32.20 (b570 or above), A32.50 (b390 or above)\n\n"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "shortName": "AlgoSec", "dateUpdated": "2024-02-15T06:00:34.579Z"}, "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade ASMS suite to A32.20 (b570 or above),  A32.50 (b390 or above)<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>"}], "value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0 A32.50 (b390 or above)\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n"}], "source": {"discovery": "EXTERNAL"}, "title": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:*", "matchCriteriaId": "5F57DA17-E133-43D9-AC12-60CBD0FBC253", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:*", "matchCriteriaId": "E3144E50-DB4B-4342-8147-7604003EC8D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:fireflow:a32.60:*:*:*:*:*:*:*", "matchCriteriaId": "8DF7FEFC-C3D7-490D-BE7C-1FE5EBB3B7F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor\u00a0allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in\u00a0A32.20 (b570 or above), A32.50 (b390 or above)\n\n"}, {"lang": "es", "value": "La fuga de Net-NTLM en Fireflow A32.20 y A32.50 permite a un atacante obtener las credenciales de dominio de la v\u00edctima y el hash Net-NTLM, lo que puede provocar ataques de dominio de retransmisi\u00f3n."}], "id": "CVE-2023-46595", "lastModified": "2024-02-15T06:15:45.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 5.5, "source": "security.vulnerabilities@algosec.com", "type": "Secondary"}]}, "published": "2023-11-02T08:15:08.040", "references": [{"source": "security.vulnerabilities@algosec.com", "url": "https://cwe.mitre.org/data/definitions/79.html"}], "sourceIdentifier": "security.vulnerabilities@algosec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security.vulnerabilities@algosec.com", "type": "Secondary"}]}