CVE-2017-18014
https://notcve.org/view.php?id=CVE-2017-18014
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request. Se ha descubierto un problema NC-25986 en el subsistema de informes de Sophos XG Firewall with SFOS en versiones anteriores a la 17.0.3 MR3. Un usuario sin autenticar puede desencadenar una vulnerabilidad de Cross-Site Scripting (XSS) persistente en la página de informes WAF (Control Center -> Log Viewer -> en el filtro opción "Web Server Protection") en la interfaz webadmin y ejecutar cualquier acción disponible para el webadmin del firewall (por ejemplo, crear un nuevo usuario, habilitar SSH o añadir la clave SSH autorizada). • http://seclists.org/fulldisclosure/2018/Jan/24 https://blogs.securiteam.com/index.php/archives/3612 https://community.sophos.com/kb/en-us/128024 https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-0-3-mr3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •