CVE-2022-40494: NPS before v0.26.10 had an authentication bypass vulnerability that could be triggered by constantly generating and sending the Auth key and Timestamp parameters.
This can be leveraged to bypass authentication and obtain sensitive information such as user names, email addresses, and other login details.
NPS before v0.26.10 also had a stored XSS vulnerability via the Contact and Company fields. An attacker can leverage this stored XSS to inject arbitrary JavaScript into the affected website.
Both of these vulnerabilities have been patched in NPS v0.26.10.
In addition to these security issues, NPS before v0.26.10 also had a privilege escalation vulnerability via the Enforce/Allowed_Products setting. It is possible for a low-privilege user to elevate their permissions to root by changing the Enforce/Allowed_Products setting.
NPS before v0.26.10 also had a cross-site request forgery (CSRF) vulnerability that could be exploited by an attacker to compromise the account of another user.
These issues have been patched in NPS v0.26.10. However, it is always a good idea to update to the latest version of an application as soon as possible.
Check installed version of NPS
NPS before v0.26.10 has multiple vulnerabilities that need to be patched. It is recommended to update to the latest version of NPS; both of these vulnerabilities were patched in v0.26.10.
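An added example, not from the original page or the NPS project, that triages a list of reported NPS version strings against the fixed release v0.26.10. The host names and version strings are constructed, and the assumption is that each string contains a dotted numeric version. The comparison is numeric because a plain string comparison sorts "0.26.9" after "0.26.10" and would report it as patched.

```python
import re

FIXED = (0, 26, 10)  # first patched release named on this page


def parse_version(text):
    """Extract the first dotted numeric version, e.g. 'v0.26.9' -> (0, 26, 9)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    # A missing patch component ("0.25") is treated as 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def needs_update(text):
    """True if older than FIXED, False if patched, None if nothing parsable."""
    version = parse_version(text)
    return None if version is None else version < FIXED


def triage(inventory):
    """Map each host to 'update', 'ok' or 'unknown'."""
    labels = {True: "update", False: "ok", None: "unknown"}
    return {host: labels[needs_update(raw)] for host, raw in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("proxy-a", "v0.26.9"),
    ("proxy-b", "Version: 0.26.10"),
    ("proxy-c", "0.25"),
    ("proxy-d", "unknown build"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check instead of being assumed patched.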
NPS Vulnerability FAQs
Q: What is a stored XSS vulnerability?
Stored XSS vulnerabilities occur when an application stores user-supplied data in a database or other secondary storage mechanism and that data is subsequently served to other users. When a saved value is rendered in a victim’s browser, the attacker’s JavaScript payload is executed. This allows an attacker to take control of the victim’s session and potentially perform malicious actions on the victim’s behalf.
NPS before v0.26.10 had a stored XSS vulnerability in the Contact and Company fields. An attacker can leverage this stored XSS to inject arbitrary JavaScript into the affected website.
Q: What is privilege escalation?
Privilege escalation occurs when a low-privileged account can obtain permissions that should be reserved for higher-privileged accounts. For example, a low-privilege user may have permission to read their own account settings but should not have permission to change those settings, because they are not allowed access to the settings of other users or groups of users. It is possible for a low-privilege user to elevate their permissions to root by changing the Enforce/Allowed_Products setting, without holding any privileged account rights that would normally confer that level of access.
NPS before v0.26.10 also had a privilege escalation vulnerability via the Enforce/Allowed_Products setting which could allow an attacker with low privileges to elevate their privileges indefinitely until they ran out of available products for which
Timeline
Published on: 10/06/2022 22:15:00 UTC
Last modified on: 10/13/2022 13:36:00 UTC