CVE-2023-46595

Net-NTLM leak via stored HTML injection in FireFlow’s VisualFlow workflow editor using the Name and Description fields. It also impacts FireFlow’s VisualFlow workflow editor outbound actions using the Name and Category parameters. Fixed in version A32.20 (b570 and above), A32.50 (b400 and above), A32.60 (b220 and above).


Net-NTLM leak via HTML injection vulnerability

Announced: 2023-11-02

Impact: Medium

Base CVSS Score: 5.9

Product: AlgoSec FireFlow

Affected Versions: A32.20 (up to build b560), A32.50 (up to build b390), A32.60 (up to build 210)

Fixed in Version: A32.20 (b570 and above), A32.50 (b400 and above), A32.60 (b220 and above)

Tester: Michał Bogdanowicz from Nordea Bank ABP

Description

The AlgoSec FireFlow VisualFlow workflow editor allows workflow entities to be saved with special HTML characters in the Name and Description fields; these values are later displayed, and the injected markup executed, on the Workflows List page of the application. The vulnerability also affects the workflow editor’s outbound actions via the Name and Category fields, which are displayed, and the markup executed, on the Workflow Entity page.

By abusing this behavior, an attacker can obtain the victim’s domain credentials in the form of a Net-NTLM hash, opening the way to NTLM relay attacks against the domain.

Issues addressed as part of this vulnerability

  • Net-NTLM leak via stored HTML injection in FireFlow’s VisualFlow workflow editor using Name and Description parameters.

  • Net-NTLM leak via stored HTML injection in FireFlow’s VisualFlow workflow editor using the outbound actions’ Name and Category parameters.

Solution

Upgrade ASMS to a fixed build; in those builds, forbidden characters are escaped in all affected fields of the AlgoSec FireFlow VisualFlow workflow editor.
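As an added illustration of the fix described above (example code written for this page, not AlgoSec code; the entity model, field names beyond those in the advisory, and function names are assumptions), the following contrasts interpolating stored Name/Description values into the Workflows List page as-is with escaping them on output, and includes an audit check for markup already stored in those fields:

```python
import html
import re
from dataclasses import dataclass


@dataclass
class WorkflowEntity:
    # Constructed stand-in for a FireFlow VisualFlow workflow entity.
    # Only the Name and Description fields come from the advisory.
    entity_id: str
    name: str
    description: str


# Characters that change meaning once interpolated into HTML.
MARKUP_RE = re.compile(r"[<>\"'&]")


def find_injected_fields(entities):
    """Audit helper: list (entity_id, field) pairs whose stored value
    contains HTML-significant characters. Useful for reviewing existing
    workflows on a build that predates the fix."""
    findings = []
    for e in entities:
        for field in ("name", "description"):
            if MARKUP_RE.search(getattr(e, field)):
                findings.append((e.entity_id, field))
    return findings


def render_row_unsafe(e):
    # Behaviour the advisory describes: stored text lands in the page
    # unchanged, so any tags it carries are parsed by the browser.
    return f"<tr><td>{e.name}</td><td>{e.description}</td></tr>"


def render_row_safe(e):
    # Mitigation: escape on output so the browser shows literal text.
    return (
        f"<tr><td>{html.escape(e.name, quote=True)}</td>"
        f"<td>{html.escape(e.description, quote=True)}</td></tr>"
    )


# Constructed sample data; the second record carries HTML markup.
SAMPLE = [
    WorkflowEntity("wf-1", "Firewall change", "Standard approval path"),
    WorkflowEntity("wf-2", "Review <b>urgent</b>", "Constructed sample"),
]
```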

References

  • CVE-2023-46595 in cve.org
