Multiple Vulnerabilities in Ektron's Web Content Management System Could Allow Remote Code Execution
MS-ISAC ADVISORY NUMBER: 2015-011
Multiple vulnerabilities have been discovered in Ektron's Enterprise Web Content Management System that can lead to remote code execution. Ektron's Content Management System is an ASP-based content manager used to create, deploy and manage personalized websites. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the content management system. Depending on the privileges associated with the application, an attacker could execute arbitrary code in the context of the application, and bypass security restrictions.
At this time CIS is not aware of these vulnerabilities being used in the wild.
- Ektron CMS Versions 8.5, 8.7, and 9.1.
- Large and medium government entities: HIGH
- Small government entities: HIGH
- Large and medium business entities: HIGH
- Small business entities: HIGH
Two vulnerabilities have been discovered in Ektron's Content Management System which could lead to remote code execution.
Improper Restriction of XML External Entity Reference (CVE-2015-0923):
This vulnerability is found in the ‘xslt’ parameter for the ‘ContentBlockEx’ method within the ‘/Workarea/ServerControlWS.asmx’ file. This vulnerability could allow an attacker to read arbitrary files.
Improper Control of Resource Identifiers (CVE-2015-0931):
This vulnerability is due to improper configurations in the XML parser. If an attacker specifies the use of the Saxon XSLT parser when handling XSLT files and can provide a maliciously crafted file, the attacker could run arbitrary code with the same permission level as the application.
Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the content management system, or viewing sensitive information. Depending on the privileges associated with the application, an attacker could execute arbitrary code in the context of the application, and bypass security restrictions. In addition, failed attacks may cause denial-of-service conditions.
Verify no unauthorized modifications occurred to the system before installing patches.
Install updates provided by Ektron immediately after appropriate testing.
Limit access to the Ektron CMS from the public Internet.
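
To support the first and last recommendations, the following added example (not part of the MS-ISAC advisory or any Ektron tooling) reviews IIS W3C extended logs for requests to '/Workarea/ServerControlWS.asmx' that came from outside trusted networks. The trusted range, the log field layout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Endpoint named in the advisory; IIS treats URL paths case-insensitively.
ENDPOINT = "/workarea/servercontrolws.asmx"
# Assumption: networks that are allowed to reach the CMS work area.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2015-03-02 10:01:12 10.0.0.5 GET /default.aspx - 80 - 203.0.113.7 Mozilla/5.0 200
2015-03-02 10:02:40 10.0.0.5 POST /Workarea/ServerControlWS.asmx - 80 - 203.0.113.7 curl/7.40 200
2015-03-02 10:03:05 10.0.0.5 POST /WorkArea/ServerControlWS.asmx/ContentBlockEx - 80 - 198.51.100.23 - 500
2015-03-02 10:04:19 10.0.0.5 POST /Workarea/ServerControlWS.asmx - 80 editor1 10.0.0.44 Mozilla/5.0 200
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def is_trusted(ip_text):
    """True only for a parseable address inside one of TRUSTED_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)

def untrusted_endpoint_hits(text):
    """Return (date, time, client, method, status) for outside requests to ENDPOINT."""
    hits = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "").lower()
        on_endpoint = stem == ENDPOINT or stem.startswith(ENDPOINT + "/")
        if on_endpoint and not is_trusted(rec.get("c-ip", "")):
            hits.append(tuple(rec.get(k, "-") for k in
                              ("date", "time", "c-ip", "cs-method", "sc-status")))
    return hits

if __name__ == "__main__":
    for hit in untrusted_endpoint_hits(SAMPLE_LOG):
        print(*hit)
```

IIS does not record POST bodies by default, so the output shows which outside clients reached the endpoint and when, not what they sent.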