CVE-2023-47575 in RELY-PCIeinfo

Summary

by MITRE • 12/13/2023

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. The web interfaces of the Relyum devices are susceptible to reflected XSS.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 01/04/2024

The vulnerability identified as CVE-2023-47575 affects Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, representing a critical security flaw in the web interface components of these network security appliances. These devices are designed for enterprise network protection and monitoring, making them attractive targets for cyber adversaries seeking to exploit web-based attack vectors. The specific vulnerability manifests as a reflected cross-site scripting flaw that allows attackers to inject malicious scripts into web responses that are then executed in the context of authenticated users' browsers. This issue impacts the device management interfaces, potentially compromising the security posture of organizations relying on these appliances for network defense.

The technical implementation of this reflected XSS vulnerability stems from insufficient input validation and output encoding within the web interface components of the Relyum devices. When user-supplied data is directly incorporated into web responses without proper sanitization or encoding, attackers can craft malicious URLs containing script payloads that get reflected back to users' browsers upon page load. This type of vulnerability falls under CWE-79 which specifically addresses cross-site scripting flaws in web applications. The attack typically involves luring an authenticated user to click on a malicious link containing the crafted payload, where the script executes in the victim's browser context with the privileges of the authenticated session. The reflected nature of this vulnerability means the malicious script is not stored on the server but rather injected through the web interface itself.

The operational impact of this vulnerability extends beyond simple script execution, potentially enabling attackers to perform session hijacking, steal authentication tokens, redirect users to malicious sites, or even execute arbitrary commands within the device's administrative context. Given that these are network security appliances, successful exploitation could provide attackers with privileged access to network monitoring and control functions, potentially allowing them to bypass security controls, monitor network traffic, or modify device configurations. The vulnerability affects both the RELY-PCIe and RELY-REC device families, indicating a widespread issue across multiple product lines that organizations may be using for critical network security functions. This creates a significant risk for enterprises that rely on these devices for network protection, as the attack surface includes not only the web interface but also the administrative capabilities of the entire network security infrastructure.

Organizations should immediately implement mitigations including updating to patched firmware versions provided by Relyum, implementing network segmentation to limit access to these administrative interfaces, and deploying web application firewalls to detect and block malicious payloads. The vulnerability aligns with ATT&CK technique T1566 which covers social engineering tactics involving malicious links and payloads. Security teams should also consider implementing additional monitoring for suspicious web traffic patterns and user behavior anomalies that might indicate exploitation attempts. Due to the nature of reflected XSS vulnerabilities, regular security assessments of web interfaces and input validation mechanisms should be conducted to prevent similar issues from emerging in other components of the network security infrastructure. Organizations should also review their access controls and authentication mechanisms to ensure that administrative interfaces are not accessible from untrusted networks or exposed to unnecessary user access.

Reservation

11/06/2023

Disclosure

12/13/2023

Moderation

accepted

CPE

ready

EPSS

0.00406

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!