CVE-2023-46595 - Vulnerability Details - OpenCVE

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Key SSVC decision points have not yet been added.

Vendors	Products
Algosec	Fireflow

Configuration 1 [-]

OR	cpe:2.3:a:algosec:fireflow:a32.20:::::::*
	cpe:2.3:a:algosec:fireflow:a32.50:::::::*
	cpe:2.3:a:algosec:fireflow:a32.60:::::::*

No data.

No data.

Fixes

Solution

Upgrade ASMS suite to A32.20 (b570 or above), A32.50 (b390 or above) https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases

Workaround

No workaround given by the vendor.

References

Link	Providers
https://cwe.mitre.org/data/definitions/79.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: AlgoSec

Published: 2023-11-02T07:47:50.794Z

Updated: 2024-08-02T20:45:42.290Z

Reserved: 2023-10-23T10:00:57.893Z

Link: CVE-2023-46595

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-02T08:15:08.040

Modified: 2024-11-21T08:28:51.787

Link: CVE-2023-46595

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46595", "assignerOrgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "state": "PUBLISHED", "assignerShortName": "AlgoSec", "dateReserved": "2023-10-23T10:00:57.893Z", "datePublished": "2023-11-02T07:47:50.794Z", "dateUpdated": "2024-08-02T20:45:42.290Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "Linux"], "product": "Algosec FireFlow", "vendor": "Algosec", "versions": [{"status": "affected", "version": "A32.20, A32.50"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Micha\u0142 Bogdanowicz from Nordea Bank ABP (https://www.linkedin.com/in/micha%C5%82-bogdanowicz-603267a8/)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker <span style=\"background-color: rgb(255, 255, 255);\">to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead<span style=\"background-color: rgb(255, 255, 255);\"> to relay domain attacks. Fixed in A32.20 (b570 or above), A32.50 (b390 or above)\n\n</span></span>"}], "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor\u00a0allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in\u00a0A32.20 (b570 or above), A32.50 (b390 or above)\n\n"}], "impacts": [{"capecId": "CAPEC-21", "descriptions": [{"lang": "en", "value": "CAPEC-21 Exploitation of Trusted Credentials"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca5f073f-8266-4d43-b3e3-6eb0bb18a738", "shortName": "AlgoSec", "dateUpdated": "2024-02-15T06:00:34.579Z"}, "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade ASMS suite to A32.20 (b570 or above),  A32.50 (b390 or above)<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>"}], "value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0 A32.50 (b390 or above)\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n"}], "source": {"discovery": "EXTERNAL"}, "title": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:45:42.290Z"}, "title": "CVE Program Container", "references": [{"url": "https://cwe.mitre.org/data/definitions/79.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:algosec:fireflow:a32.20:*:*:*:*:*:*:*", "matchCriteriaId": "5F57DA17-E133-43D9-AC12-60CBD0FBC253", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:fireflow:a32.50:*:*:*:*:*:*:*", "matchCriteriaId": "E3144E50-DB4B-4342-8147-7604003EC8D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:algosec:fireflow:a32.60:*:*:*:*:*:*:*", "matchCriteriaId": "8DF7FEFC-C3D7-490D-BE7C-1FE5EBB3B7F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor\u00a0allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks. Fixed in\u00a0A32.20 (b570 or above), A32.50 (b390 or above)\n\n"}, {"lang": "es", "value": "La fuga de Net-NTLM en Fireflow A32.20 y A32.50 permite a un atacante obtener las credenciales de dominio de la v\u00edctima y el hash Net-NTLM, lo que puede provocar ataques de dominio de retransmisi\u00f3n."}], "id": "CVE-2023-46595", "lastModified": "2024-11-21T08:28:51.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 5.5, "source": "security.vulnerabilities@algosec.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-02T08:15:08.040", "references": [{"source": "security.vulnerabilities@algosec.com", "url": "https://cwe.mitre.org/data/definitions/79.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cwe.mitre.org/data/definitions/79.html"}], "sourceIdentifier": "security.vulnerabilities@algosec.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security.vulnerabilities@algosec.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}