Executive Summary

CVE-2021-35483 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Nokia IMPACT web interface, specifically version 19.11.2.10-20210118042150283.

The vulnerability occurs because the web interface does not properly validate or sanitize parameters received via HTTP requests before storing them on the server.

An authenticated user can upload JavaScript files through the /ui/rest-proxy/application fileupload parameter when adding or editing an application.

When another authenticated user visits the web page where the malicious JavaScript file is published, the script is executed in their browser, potentially compromising security.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker with authenticated access to inject persistent malicious JavaScript code into the Nokia IMPACT web interface.

When other users visit the affected pages, the malicious scripts execute in their browsers, which can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user.

Such attacks can compromise end-user security and potentially lead to broader system compromise depending on the privileges of the affected users.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by identifying if the Nokia IMPACT web interface version 19.11.2.10-20210118042150283 allows authenticated users to upload JavaScript files via the /ui/rest-proxy/application fileupload parameter.'}, {'type': 'paragraph', 'content': 'One approach is to authenticate to the web interface and attempt to upload a JavaScript file through the fileupload parameter during the addition or editing of an application. If the file is accepted and later executed when visiting the published page, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'Commands or tools to assist detection could include using curl or similar HTTP clients to simulate the file upload with a JavaScript payload, for example:'}, {'type': 'list_item', 'content': 'curl -X POST -F "[email protected]" -b "cookie.txt" https://<target>/ui/rest-proxy/application/fileupload'}, {'type': 'paragraph', 'content': 'After uploading, visiting the affected page in a browser or using automated tools to detect script execution can confirm the presence of the vulnerability.'}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting or disabling the ability for authenticated users to upload JavaScript files via the vulnerable fileupload parameter.

Additionally, applying strict input validation and sanitization on the server side to prevent uploading or storing executable scripts is critical.

If possible, update or patch the Nokia IMPACT software to a version where this vulnerability is fixed.

As a temporary measure, limit access to the web interface to trusted users only and monitor for suspicious file uploads or activity.

Useful 0 Not Useful 0