CVE-2023-5771 - Stored XSS Vulnerability in Proofpoint Enterprise Protection AdminUI

Proofpoint Enterprise Protection, a leading email security product for organizations, has been found to contain a serious stored Cross-Site Scripting (XSS) vulnerability (CVE-2023-5771) that affects its AdminUI. This vulnerability allows an unauthenticated attacker to send a specially-crafted email with HTML in the subject, which triggers XSS when viewing quarantined messages. The issue impacts Proofpoint Enterprise Protection from version 8.20. before patch 4796, version 8.18.6 before patch 4795, and all other prior versions.

Vulnerability Details

A stored Cross-Site Scripting (XSS) vulnerability exists in the Proofpoint Enterprise Protection AdminUI due to improper validation of user-supplied email content. By exploiting this vulnerability, an attacker can send an email containing malicious HTML in the subject field. When the email gets quarantined and an administrator views the quarantined messages through the AdminUI, the malicious HTML in the subject field gets executed. This can lead to the manipulation or theft of sensitive information, as well as further attacks on the system.

The following represents a simple code snippet that demonstrates the exploit

Subject: <script>alert('XSS Vulnerability in Proofpoint');</script> CVE-2023-5771 Exploit Demo

After a vulnerable instance of Proofpoint Enterprise Protection quarantines this email, viewing the quarantined messages in the AdminUI can cause the JavaScript code in the subject to run.

Original References

For more information on this vulnerability and its impact, please refer to the following authoritative sources:

1. CVE Report
2. Proofpoint Official Advisory

Mitigation and Remediation Steps

Proofpoint has released patches to address this vulnerability, which can be applied to resolve the issue. Users of affected versions should update their Proofpoint Enterprise Protection installations to the following versions as soon as possible:

If using Proofpoint Enterprise Protection version 8.18.6, update to patch 4795 or later.

- For all other prior versions, consult the Proofpoint Official Advisory for appropriate guidance.

Conclusion

This stored XSS vulnerability (CVE-2023-5771) in Proofpoint Enterprise Protection can have serious implications for organizations utilizing the product to ensure email security. It is vital for administrators to apply the provided patches and ensure their systems are updated to protect against potential exploitation of this vulnerability. In addition, organizations should adopt a proactive approach to securing their systems and networks to prevent similar vulnerabilities from being exploited in the future.

Timeline

Published on: 11/06/2023 21:15:10 UTC
Last modified on: 11/14/2023 19:02:58 UTC