Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities

Title: Dell SonicWALL Global Management System GMS 8.1 XSS Vulnerabilities
Advisory ID: ZSL-2016-5389
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 29.12.2016
Summary
Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutions with enhanced network security monitoring and robust network security reporting. By deploying GMS in an enterprise, you can minimize administrative overhead by streamlining security appliance deployment and policy management.
Description
Dell SonicWALL GMS suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Vendor
Dell Inc. - https://www.sonicwall.com/products/sonicwall-gms/
Affected Version
8.1
8.0 SP1 Build 8048.1410
Flow Server Virtual Appliance
Tested On
SonicWALL
MySQL/5.0.96-community-nt
Apache-Coyote/1.1
Apache Tomcat 6.0.41
Vendor Status
[26.01.2016] Vulnerabilities discovered.
[29.01.2016] Vendor contacted.
[29.01.2016] Vendor responds asking more details providing PGP keys.
[29.01.2016] Sent details to the vendor.
[29.01.2016] Vendor confirms receipt of the issues forwarding to engineering team.
[12.02.2016] Asked vendor for status update.
[12.02.2016] Vendor confirms the issues scheduling a patch release.
[23.02.2016] Asked vendor for status update.
[24.02.2016] Vendor replied.
[19.04.2016] Asked vendor for status update.
[20.04.2016] Vendor informs one of the issues is in remediation stage, remaining ones still under review.
[22.04.2016] Working with the vendor.
[02.12.2016] Vendor releases patch in GMS 8.2 to address these issues.
[29.12.2016] Coordinated public security advisory released.
PoC
sonicwall_xss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://support.sonicwall.com/product-notification/215257?productName=SonicWALL%20GMS
[2] https://packetstormsecurity.com/files/140301
[3] https://cxsecurity.com/issue/WLB-2016120169
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/120213
Changelog
[29.12.2016] - Initial release
[02.01.2017] - Added reference [2] and [3]
[29.01.2017] - Added reference [4]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk