CVE-2021-4406

Summary

An authenticated attacker is able to create alerts that trigger a stored XSS attack.

POC

  • go to the alert manager

  • open the ITSM tab

  • add a webhook with the URL/service token value

' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)

  • click add

  • click apply

  • create a test alert

  • The test alert will run the command

“id | tee /tmp/ttttttddddssss” as root.

  • after the test alert inspect

/tmp/ttttttddddssss it'll contain the ids of the root user.

Affected Software

VendorProductVersion RangeStatus
OSNEXUSQuantaStor0 <= 6.0.0.355affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

References