Multiple Vulnerabilities in Ektron's Web Content Management System Could Allow Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2015-011

DATE(S) ISSUED:

02/05/2015

OVERVIEW:

Multiple vulnerabilities have been discovered in Ektron's Enterprise Web Content Management System that can lead to remote code execution. Ektron's Content Management System is an ASP-based content manager used to create, deploy and manage personalized websites. Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the content management system. Depending on the privileges associated with the application, an attacker could execute arbitrary code in the context of the application and bypass security restrictions.

THREAT INTELLIGENCE:

At this time, CIS is not aware of these vulnerabilities being used in the wild.

SYSTEMS AFFECTED:

  • Ektron CMS Versions 8.5, 8.7, and 9.1.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
N/A

TECHNICAL SUMMARY:

Two vulnerabilities have been discovered in Ektron's Content Management System which could lead to remote code execution.

Improper Restriction of XML External Entity Reference (CVE-2015-0923):

This vulnerability is found in the ‘xslt’ parameter for the ‘ContentBlockEx’ method within the ‘/Workarea/ServerControlWS.asmx’ file. This vulnerability could allow an attacker to read arbitrary files.

Improper Control of Resource Identifiers (CVE-2015-0931):

This vulnerability is due to improper configurations in the XML parser. If an attacker specifies the use of the Saxon XSLT parser when handling XSLT files and can provide a maliciously crafted file, the attacker could run arbitrary code with the same permission level as the application.

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the content management system, or allowing them to view sensitive information. Depending on the privileges associated with the application, an attacker could execute arbitrary code in the context of the application, and bypass security restrictions. In addition, failed attacks may cause denial-of-service conditions.

RECOMMENDATIONS:

  • Verify no unauthorized modifications occurred to the system before installing patches.
  • Install updates provided by Ektron immediately after appropriate testing.
  • Limit access to the Ektron CMS from the public Internet.
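
To support the access-restriction and verification recommendations, the following added example (not part of the original advisory and not Ektron or CIS code) reviews an IIS W3C log for requests to '/Workarea/ServerControlWS.asmx' that originate outside internal address ranges. The internal ranges, the log field layout and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Path named in the advisory, lowercased (IIS paths are case-insensitive).
ENDPOINT = "/workarea/servercontrolws.asmx"
# Assumption: ranges treated as internal; replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample log (documentation-range client addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2015-02-06 10:01:12 GET /default.aspx - 203.0.113.7 200
2015-02-06 10:02:40 POST /Workarea/ServerControlWS.asmx - 203.0.113.7 200
2015-02-06 10:02:41 POST /WorkArea/ServerControlWS.asmx/ContentBlockEx - 198.51.100.23 500
2015-02-06 10:03:05 POST /Workarea/ServerControlWS.asmx - 10.0.4.15 200
"""

def is_external(ip_text):
    """True when the client address is outside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable address: surface it for review
    return not any(ip in net for net in INTERNAL_NETS)

def find_external_hits(log_text):
    """Return (timestamp, client_ip, method, uri_stem, status) tuples for
    requests to ENDPOINT that came from an external address."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared per file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "").lower()
        # Match the endpoint itself and the /ServerControlWS.asmx/<method> form.
        if stem != ENDPOINT and not stem.startswith(ENDPOINT + "/"):
            continue
        client = row.get("c-ip", "")
        if is_external(client):
            hits.append((f"{row.get('date')} {row.get('time')}", client,
                         row.get("cs-method"), row.get("cs-uri-stem"),
                         row.get("sc-status")))
    return hits

if __name__ == "__main__":
    # The log has no request body, so this shows exposure, not exploitation.
    for hit in find_external_hits(SAMPLE_LOG):
        print(*hit)
```

Any hit means the web service is reachable from outside the listed ranges and the host should be checked for unauthorized modifications before patching.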
