iam not sure how smart nessus is but we have a 20sec. delay because of access to google is not possible in our management network and this will slow down OMSA when using a normal browser.
The remote web server hosts CGI scripts that fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host.
Note that this script uses a time-based detection method which is less reliable than the basic method.
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
43160 - CGI Generic SQL Injection (blind, time based)
-
Description
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
OMSA does not use SQL and cannot parse SQL syntax so it would not be applicable.
The other one is not applicable either. It is referencing /help/omahip/en/search.html which is just the mechanism that the OMSA Online Help is launched.search.html is the mechanism for how it pulls the relevant page to where you are and the search query isn't going to provide an attacker anything.
Dell-Martin S
Moderator
•
3.6K Posts
0
January 13th, 2022 05:00
Hi kevins,
thank you for your feedback i will forward this to our Software team.
Did you try also our newest Version( 10.2)?
https://dell.to/33pX2PL
Did you have any further questions?
Regards Martin
kevins7189-2
1 Rookie
•
9 Posts
0
January 16th, 2022 06:00
struggling to find 10.2 in a Redhat version.
Origin3k
4 Operator
•
2.4K Posts
0
January 16th, 2022 14:00
@Dell-Martin S
maybe you can also ask why a management application try to download external stuff and may leak sensitive information because of query to "https://fonts.googleapis.com/css?family=Noto+Sans+JP:300,400,500,700|Noto+Sans+KR:300,400,500,700|Noto+Sans+SC:300,400,500,700|Noto+Sans+TC:300,400,500,700|Noto+Sans:400,400i,700,700i|Roboto:300,300i,400,400i,500,500i,700,700i&display=swap&subset=chinese-simplified,chinese-traditional,japanese,korean"
@kevins7189-2
iam not sure how smart nessus is but we have a 20sec. delay because of access to google is not possible in our management network and this will slow down OMSA when using a normal browser.
Regards,
Joerg
DELL-Charles R
Moderator
•
4.7K Posts
0
April 13th, 2022 12:00
Hello laakins,
I am not finding anything related in our Security Advisories and Notices:
https://dell.to/36gGNXa
I will do some checking and update you.
laakins
1 Message
0
April 13th, 2022 12:00
We are running 10.2 and get the same Nessus plugin output in addition to two additional CGI related findings. Any help would be greatly appreciated.
44967 - CGI Generic Command Execution (time-based)
Note that this script uses a time-based detection method which is less reliable than the basic method.
Using the GET HTTP method, Nessus found that :
+ The following resources may be vulnerable to arbitrary command execution (time based) :
+ The 'searchQuery' parameter of the /help/omahip/en/search.html CGI :
/help/omahip/en/search.html?searchQuery=%26%20ping%20-n%2021%20127.0.0.1
%20%26
-------- output --------
------------------------
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
+ The following resources may be vulnerable to blind SQL injection :
+ The 'app' parameter of the /HelpViewer CGI :
/HelpViewer?file=Redirect&app=oma'||'Redirect&app=oma
-------- output --------
HTTP/1.1 302
-------- vs --------
HTTP/1.1 400
------------------------
Clicking directly on these URLs should exhibit the issue :
(you will probably need to read the HTML source)
An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Note that this script is experimental and may be prone to false positives.
+ The following resources may be vulnerable to blind SQL injection (time based) :
+ The 'searchQuery' parameter of the /help/omahip/en/search.html CGI :
/help/omahip/en/search.html?searchQuery='%20AND%20SLEEP(21)='
-------- output --------
------------------------
DELL-Charles R
Moderator
•
4.7K Posts
0
April 14th, 2022 13:00
Hello laakins,
This was decided as not an issue for OMSA.
OMSA does not use SQL and cannot parse SQL syntax so it would not be applicable.
The other one is not applicable either. It is referencing /help/omahip/en/search.html which is just the mechanism that the OMSA Online Help is launched. search.html is the mechanism for how it pulls the relevant page to where you are and the search query isn't going to provide an attacker anything.