This vulnerability does not allow the attacker to gain privileged access to the system the agent is running on. It only affects the client's browser, and only if the client happens to be viewing the log configuration screen when the exploit is executed. Because the browser thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with the connection to the agent.
Risk Rating: Low. Access requires the admin password to the agent or root/administrative access to the system to manually change the configuration file or registry keys.
This affects the following Snare Enterprise products:
- Snare Enterprise Epilog for Windows
- Snare Enterprise Epilog for Unix
- Snare OpenSource Agents for Epilog
Always ensure that the agent has a strong administrative password to prevent unauthorised access and changes to the configuration.
The following versions of Snare Enterprise agents, and all prior versions, should be considered vulnerable to this issue:
- Snare Enterprise Epilog Agent for Windows v1.8.8
- Snare Enterprise Epilog Agent for Unix v1.5.7
All Epilog versions of the listed OpenSource/SnareLite agents, and prior versions, should be considered vulnerable to this issue.
The following versions of the Snare Enterprise agents resolve the issue:
- Snare Enterprise Epilog Agent for Windows v1.8.9
- Snare Enterprise Epilog Agent for Unix v1.5.8
There is no schedule for fixes to the OpenSource/SnareLite agents at this time.