CVE-2019-16104
Description
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has a reflected XSS vulnerability via the rest/json/configdb/download/ PATH_INFO.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Silver Peak EdgeConnect SD-WAN appliance, versions prior to 8.1.7.x, contains a reflected Cross-Site Scripting (XSS) vulnerability in the rest/json/configdb/download/ endpoint. This issue is documented in [1]. An attacker can inject arbitrary JavaScript code through PATH_INFO, the extra path portion that follows the endpoint in the URL, which is then reflected back to the user without proper sanitization or encoding.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL that includes the XSS payload in the PATH_INFO segment of the request to the vulnerable endpoint. The attacker does not require authentication, but must convince a victim user to click on the crafted link (user interaction required). The payload is executed in the browser of the victim when the crafted URL is accessed, within the security context of the target application [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, within the origin of the EdgeConnect SD-WAN management interface. This can lead to session hijacking, credential theft, or other actions that the victim can perform on the application, compromising the confidentiality, integrity, and availability of the affected system [1].
Mitigation
The vulnerability is fixed in Silver Peak EdgeConnect SD-WAN release 8.1.7.x and later. Users should upgrade to a patched version. If upgrading is not possible, restrict network access to the management interface to trusted users only and enable web application firewall (WAF) rules that filter malicious input in PATH_INFO [1].
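The PATH_INFO filtering suggested above can also be applied retrospectively to the management interface's access logs. The following is an added example, not vendor code or part of the cited reference; the combined log format, the character deny-set and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the CVE description; everything after it is PATH_INFO.
ENDPOINT = "/rest/json/configdb/download/"
# Characters with no place in a download path but needed for HTML/JS injection.
# This deny-set is an assumption of this example, not a vendor-supplied rule.
SUSPICIOUS = re.compile(r"[<>\"'`(){};]|javascript:", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, inert markup only).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 +0000] "GET /rest/json/configdb/download/backup.cfg HTTP/1.1" 200 5120',
    '198.51.100.9 - - [01/Jan/2020:10:00:05 +0000] "GET /rest/json/configdb/download/%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 312',
    '198.51.100.9 - - [01/Jan/2020:10:00:09 +0000] "GET /rest/json/configdb/download/%253Ci%253Ey HTTP/1.1" 200 298',
    '198.51.100.7 - - [01/Jan/2020:10:00:12 +0000] "GET /rest/json/login?user=%3Cb%3E HTTP/1.1" 401 90',
]

def path_info(url):
    """Return the decoded PATH_INFO after ENDPOINT, or None for other URLs."""
    path = url.split("?", 1)[0]
    # Decode repeatedly so double-encoded input (%253C) is normalised too.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    idx = path.find(ENDPOINT)
    return None if idx < 0 else path[idx + len(ENDPOINT):]

def flag_requests(log_lines):
    """Return (line_number, path_info) for requests with markup in PATH_INFO."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        info = path_info(m.group(1))
        if info is not None and SUSPICIOUS.search(info):
            hits.append((n, info))
    return hits

if __name__ == "__main__":
    for n, info in flag_requests(SAMPLE_LOG):
        print(f"line {n}: suspicious PATH_INFO {info!r}")
```

Hits on an unpatched appliance indicate that a crafted link was followed and are worth correlating with session activity from the same client.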
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Silver Peak/EdgeConnect SD-WAN
- Range: <8.1.7.x
Patches
No patches discovered yet.
References