Executive Summary

This vulnerability is a Stored HTML Injection found in the Schedule Restore Archive feature of Guardian and CMC products before version 26.1.0. It occurs because the system does not properly validate an input parameter, allowing an authenticated administrator to insert malicious HTML tags into a restore schedule.

When other users view the affected schedule, the injected HTML executes in their browsers, which can lead to phishing attacks or open redirect attacks. However, full Cross-Site Scripting (XSS) exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an authenticated administrator to inject malicious HTML into restore schedules, which can lead to phishing and open redirect attacks when viewed by other users.

Although full Cross-Site Scripting exploitation and direct information disclosure are mitigated, the presence of phishing risks could potentially impact compliance with standards and regulations that require protection of user data and prevention of unauthorized access or social engineering attacks, such as GDPR and HIPAA.

Organizations using affected versions should upgrade to version 26.1.0 or later and implement additional security measures like restricting access to the web management interface and reviewing administrative accounts to reduce risk and maintain compliance.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying if your system is running versions of Guardian or CMC products prior to 26.1.0, as these versions are affected by the Stored HTML Injection issue in the Schedule Restore Archive feature.

Since the vulnerability involves an authenticated administrator injecting malicious HTML into restore schedules, detection involves reviewing restore schedule entries for suspicious or unexpected HTML tags.

No specific commands are provided in the available resources for direct detection on the network or system.

Recommended actions include upgrading to version 26.1.0 or later, restricting access to the web management interface via internal firewalls, and reviewing administrative accounts to remove unnecessary ones.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can impact you by enabling an attacker with administrative privileges to inject malicious HTML into restore schedules. When other users view these schedules, the malicious HTML can execute in their browsers, potentially leading to phishing attacks or open redirect attacks.

Although full XSS exploitation and direct information disclosure are mitigated, the risk remains medium, meaning it could still compromise user trust and security through social engineering or redirecting users to malicious sites.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the Stored HTML Injection vulnerability in the Schedule Restore Archive feature, you should upgrade your Guardian and CMC products to version 26.1.0 or later.

• Restrict access to the web management interface using internal firewalls.
• Review administrative accounts and remove any unnecessary ones to limit the number of users who can inject malicious HTML.

Useful 0 Not Useful 0