New Dynamic Threat Update Available for Aruba Cross-site Scripting Vulnerability
Author/Blog Contributor - Jesse Frankel, Product Manager, Fluke Networks
Date: August 01, 2011
Recently Aruba Networks issued an advisory on a Cross Site Scripting vulnerability in their ArubaOS and AirWave web management interfaces. A malicious user could plant a physical or soft AP anywhere near the WLAN and broadcast a specific SSID that contains Cross-site scripting content. Once the Aruba system records that malicious SSID and an unsuspecting admin runs a report and clicks on the link that contains the malicious SSID, it is possible to create a Cross-site scripting condition. A Cross-site scripting condition is where a user injects the client side script into the browser. In the Aruba case, it's the Access Point that is injecting the client side script. This could potentially execute commands on the systems with admin credentials.
Cross-site scripting attacks are typically targeted at web applications by injecting a client side script into the web page. What type of web applications? Any web site that contain forms to input data, or in Aruba's case, the system already wrote the information of the malicious Access Point into the database, so any time a user clicks on a link that contains the Cross-site scripted name, the client side script will be executed.
What makes this particular attack interesting is the use of a wireless access point or device that is broadcasting the vulnerability. This makes it extremely easy to target WLAN networks. The system monitoring the WLAN only needs to see the malicious SSID one time so it gets recorded in the database. Next time the WLAN admin runs any web pages that are susceptible to Cross-site scripting vulnerabilities, they will inadvertently execute the client side script that was injected in the web page and potentially compromise the system.
To address this vulnerability, the AirMagnet team at Fluke Networks has quickly released a new signature to alert when these types of devices are broadcasting malicious SSIDs. Through the new Dynamic Threat Update technology available in AirMagnet Enterprise 9.0, users are instantly protected with no need to manually download and upgrade their network.
Jesse Frankel has extensive experience in delivering critical wireless security solutions for enterprise, clinical and government networks. During his 6+ years at AirMagnet he served as Director, System Engineering and as a member of AirMagnet's Wireless Intrusion Research Team.