Multiple vulnerabilities in FireEye products

Posted date 10/01/2024
Identificador
INCIBE-2024-0010
Importance
3 - Medium
Affected Resources
  • FireEye Central Management, 9.1.1.956704 version.
  • FireEye Endpoint Security, 5.2.0.958244 version.
  • FireEye EX, 9.0.3.936727 version.
  • FireEye HXTool, 4.6 version.
  • FireEye Malware Analysis (AX), 9.0.3.936530 version.
Description

INCIBE has coordinated the publication of 7 vulnerabilities affecting multiple FireEye products, which have been discovered by Albert Sánchez Miñano.

These vulnerabilities have been assigned the following base scores CVSS v3.1, CVSS vectors and CWE vulnerability types:

  • CVE-2024-0314: CVSS v3.1: 5.4 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
  • CVE-2024-0315: CVSS v3.1: 6.6 | CVSS: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L | CWE-98.
  • CVE-2024-0316: CVSS v3.1: 6.8 | CVSS: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | CWE-460.
  • CVE-2024-0317: CVSS v3.1: 5.4 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
  • CVE-2024-0318: CVSS v3.1: 5.4 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
  • CVE-2024-0319: CVSS v3.1: 5.4 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-601.
  • CVE-2024-0320: CVSS v3.1: 5.4 | CVSS: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | CWE-79.
Solution

The FireEye team is working on fixing the reported vulnerabilities. It is recommended to update affected products to the latest version available.

Detail
  • CVE-2024-0314: XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.
  • CVE-2024-0315: remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.
  • CVE-2024-0316: improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.
  • CVE-2024-0317: Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
  • CVE-2024-0318: Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.
  • CVE-2024-0319: Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
  • CVE-2024-0320: Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.