Security Advisory – Multiple Security Vulnerabilities in Netscout nGeniusOne v6.3.4 Uncovered (CVE-2023-26998, CVE-2023-26999, CVE-2023-27000)

A detailed investigation has revealed multiple vulnerabilities in Netscout’s nGeniusOne version 6.3.4, including stored server-side cross-site scripting (XSS), XML External Entity (XXE) injection, and reflected client-side XSS. These vulnerabilities have been assigned CVE-2023-26998, CVE-2023-26999, and CVE-2023-27000, respectively.

1. Stored Server-Side XSS via CSV Upload (CVE-2023-26998):
This vulnerability was discovered in the Alert Configuration -> Actions module. It involves importing a CSV file with an unsanitized ‘Creator’ column, leading to stored XSS. The malicious script executes for any user visiting the affected page.

2. XXE – XML External Entity Injection (CVE-2023-26999):
The XXE vulnerability was found in various modules that allow XML imports. This issue enables attackers to read files on the server filesystem, interact with internal and external systems, and potentially perform a Denial of Service (DoS) attack. Several proofs of concept (PoCs) demonstrate different exploitation techniques, including Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI), affecting various modules.

3. Reflected Client-Side XSS via XML Upload (CVE-2023-27000):
Similar to the XXE vulnerability, this issue also affects modules that permit XML file imports. It leads to reflected client-side XSS, where malicious scripts embedded in XML files are executed.
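
One way to guard an XML import path against items 2 and 3 above, shown as an added example that is not from the original advisory or from Netscout's code: the parser refuses any document carrying a DOCTYPE or entity declaration, and every imported value is HTML-encoded before it is rendered. The element names, sample documents and function names are assumptions constructed for illustration.

```python
import html
import xml.parsers.expat


class UnsafeXml(ValueError):
    """Raised when an uploaded document carries a DTD or entity declaration."""


def parse_import(xml_bytes):
    """Parse an uploaded XML import into (tag, text) pairs, refusing any DTD."""
    fields = []   # (element name, text) in document order
    stack = []    # one [name, text parts] entry per currently open element

    def reject(*_args):
        # Fires on <!DOCTYPE ...> or <!ENTITY ...>, before any entity is used.
        raise UnsafeXml("DOCTYPE/entity declarations are not accepted in imports")

    def start(name, _attrs):
        stack.append([name, []])

    def chars(data):
        if stack:
            stack[-1][1].append(data)

    def end(_name):
        name, parts = stack.pop()
        text = "".join(parts).strip()
        if text:
            fields.append((name, text))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(xml_bytes, True)
    return fields


def render_rows(fields):
    """HTML-encode every imported name and value before it reaches a page."""
    row = "<tr><td>{}</td><td>{}</td></tr>"
    return "".join(row.format(html.escape(k), html.escape(v)) for k, v in fields)


# Constructed sample uploads (not taken from the advisory or its PoCs).
BENIGN = b"<alert><name>&lt;b&gt;cpu&lt;/b&gt;</name><threshold>90</threshold></alert>"
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE alert [<!ENTITY ext SYSTEM '
            b'"http://example.invalid/x">]><alert><name>&ext;</name></alert>')
```

Rejecting the DTD outright is stricter than disabling external entity resolution alone, and it also closes off entity-expansion DoS; the output encoding applies whether the value arrived through XML or through a CSV column such as 'Creator'.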

Vulnerability Discovery and Reporting:
The vulnerabilities were discovered during a penetration testing engagement. Attempts were made to contact the vendor for a comprehensive list of all vulnerable software versions, but the vendor was reportedly unresponsive.

Affected Users:
Users of Netscout nGeniusOne v6.3.4 are advised to be cautious and seek updates or patches from Netscout. The vulnerabilities highlight significant security risks, particularly in network performance management and monitoring solutions.

For further information and detailed PoCs, see the original article on Netscout vulnerabilities on Piotr Ryciak’s blog.