CVE-2025-40901
Modified - Updated After Analysis
Stored HTML Injection in Credentials Manager

Publication date: 2026-05-19

Last updated on: 2026-06-09

Assigner: Nozomi Networks Inc.

Description
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Meta Information
Published: 2026-05-19
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-06-08
Affected Vendors & Products
Vendor         | Product  | Version / Range
nozominetworks | cmc      | to 26.1.0 (exc)
nozominetworks | guardian | to 26.1.0 (exc)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

This vulnerability is a Stored HTML Injection found in the Credentials Manager feature of Guardian/CMC software versions before 26.1.0. It occurs because the system does not properly validate input parameters, allowing an authenticated administrator to insert malicious HTML tags into an identity definition.

When another user tries to delete the affected identity, the injected HTML renders in their browser. This can lead to phishing attacks or open redirect exploits. However, full cross-site scripting (XSS) attacks and direct data disclosure are prevented by existing input validation and Content Security Policy settings.

Compliance Impact

The vulnerability involves stored HTML injection that can enable phishing and open redirect attacks, which may increase the risk of unauthorized access or social engineering attacks.

Although full cross-site scripting exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy, the presence of this vulnerability could still pose compliance challenges by potentially exposing users to phishing attacks.

Organizations subject to standards like GDPR or HIPAA, which require protection of personal data and secure access controls, might find this vulnerability relevant as it could indirectly impact data security and user trust.

Mitigation steps such as upgrading to version 26.1.0 or later, restricting access via internal firewall rules, auditing administrative accounts, and reviewing stored identities are recommended to reduce risk and support compliance efforts.

Impact Analysis

The vulnerability can impact you by enabling phishing attacks or open redirect exploits when a user deletes a maliciously crafted identity. This could trick users into revealing sensitive information or redirect them to malicious websites.

Although the risk is medium and full XSS exploitation or direct information disclosure is mitigated, injected HTML rendering in a user's browser can still compromise user trust and security.

To mitigate this risk, it is recommended to upgrade to version 26.1.0 or later, restrict access to the web management interface using internal firewall rules, audit administrative accounts, and review stored identities in the Credentials Manager.

Detection Guidance

This vulnerability can be detected by auditing the stored identities in the Credentials Manager for any malicious HTML tags injected by authenticated administrators.

Additionally, reviewing administrative accounts for suspicious activity and access patterns can help identify potential exploitation attempts.

Since the vulnerability involves injected HTML in identity definitions, commands or scripts that extract and search for HTML tags within stored identities could be used.

  • Use web management interface logs or export stored identities and grep for suspicious HTML tags such as <script>, <iframe>, or other HTML elements.
  • Audit administrative user actions and check for recent changes to identities that might contain injected HTML.
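The audit of stored identities described above can be scripted. The following is an added example, not vendor tooling or code from the advisory: it assumes the identities have been exported as a JSON list of objects (the layout and the field names `name` and `username` are hypothetical), checks every string field, and decodes entity and percent encoding first so that encoded tags are not missed by a plain grep.

```python
import html
import json
import re
from urllib.parse import unquote

# Tag open/close; the letter must follow '<' directly, as in browser parsing.
TAG_RE = re.compile(r"</?([a-zA-Z][a-zA-Z0-9]*)\b[^<>]*>?")
# Elements that can show links, forms or navigation even when CSP blocks scripts.
HIGH_RISK = {"a", "form", "input", "button", "iframe", "meta", "base", "img", "script"}


def normalize(value, rounds=3):
    """Undo entity and percent encoding (possibly nested) so tags become visible."""
    for _ in range(rounds):
        decoded = unquote(html.unescape(value))
        if decoded == value:
            break
        value = decoded
    return value


def find_tags(value):
    """Return the sorted, unique, lowercase tag names found in one stored string."""
    return sorted({m.group(1).lower() for m in TAG_RE.finditer(normalize(value))})


def audit_identities(records):
    """Check every string field of every exported record and list the findings."""
    findings = []
    for index, record in enumerate(records):
        for field, value in record.items():
            tags = find_tags(value) if isinstance(value, str) else []
            if tags:
                severity = "high" if HIGH_RISK & set(tags) else "review"
                findings.append({"record": index, "field": field,
                                 "tags": tags, "severity": severity})
    return findings


# Constructed sample export; the layout and field names are hypothetical.
SAMPLE_EXPORT = json.loads("""[
  {"id": 1, "name": "plc-readonly", "username": "svc_plc"},
  {"id": 2, "name": "<b>backup</b> <a href='https://example.invalid/'>re-login</a>", "username": "ops"},
  {"id": 3, "name": "hmi &lt;form action=x&gt;", "username": "hmi"},
  {"id": 4, "name": "rate < 5 and > 2", "username": "meter"}
]""")

if __name__ == "__main__":
    for finding in audit_identities(SAMPLE_EXPORT):
        print(finding)
```

Any finding is worth a manual look, since identity definitions have no legitimate reason to contain markup; the "high" label only prioritises elements that can present links or forms to the person deleting the identity.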

Mitigation Strategies

Immediate mitigation steps include upgrading the Guardian/CMC software to version 26.1.0 or later, where this vulnerability is resolved.

Restrict access to the web management interface by implementing internal firewall rules to limit administrative access.

Audit administrative accounts to ensure only authorized users have access and review stored identities in the Credentials Manager for any malicious HTML injections.
