SNMP can be abused for Cross-Site Scripting Attacks

It’s yet another new spin on a pervasive attack -- this time using the old standby Simple Network Management Protocol (SNMP) to stage cross-site scripting (XSS) attacks.

XSS, which basically forces a Website to echo malicious code that then gets loaded into a user's browser, is one of the most common vulnerabilities in Web applications. Researchers with ProCheckUp Ltd. recently discovered what they think may be a new type of attack vector, using SNMP to create a “persistent XSS” attack. Persistent XSS is a more powerful XSS attack where malicious code is stored on a Website for a period of time, and all the user has to do is view the page to get infected.

In this variant, the attacker uses SNMP to change parameters on the device, which then launches a persistent XSS attack. ProCheckUp found the SNMP-XSS vulnerability, as well as several others, while researching ZyXEL’s Prestige router products, which are commonly used in home, SOHO, and ISP networks.

"I believe that this is a totally brand new attack which I suspect affects many other appliances from other vendors," says Adrian Pastor, a security consultant with ProCheckUp.

Pastor demonstrated a proof-of-concept for this attack in a report he wrote on his findings. "In my paper, I included a proof-of-concept JavaScript piece of code that performs a phishing attack as an attempt to steal the admin password, which gets sent to the attacker's site," he says.
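The defensive side of the problem described above, as an added example that is not code from the article or from ProCheckUp's report: a device admin page that displays values writable over SNMP must escape them at output time. The MIB-II system-group names (sysName, sysLocation, sysContact), the function names and the sample values are assumptions chosen for illustration; the article does not say which parameters were involved.

```python
import html
import re

# Constructed sample: values an SNMP write could have stored on the device.
# The field names are MIB-II system-group objects, used here as an assumption.
STORED = {
    "sysName": "router-01",
    "sysLocation": "rack 4, room B",
    "sysContact": "<script>/* constructed marker */</script>",
}


def render_unsafe(fields):
    """Before: stored values are concatenated into the admin page as-is."""
    rows = "".join(f"<tr><td>{k}</td><td>{v}</td></tr>" for k, v in fields.items())
    return f"<table>{rows}</table>"


def render_safe(fields):
    """After: every stored name and value is HTML-escaped when it is rendered."""
    rows = "".join(
        f"<tr><td>{html.escape(k)}</td><td>{html.escape(v, quote=True)}</td></tr>"
        for k, v in fields.items()
    )
    return f"<table>{rows}</table>"


# Characters that carry meaning in HTML text or attribute context.
_MARKUP = re.compile(r"[<>\"'&]")


def audit(fields):
    """Return the names of stored fields containing HTML-significant characters."""
    return sorted(k for k, v in fields.items() if _MARKUP.search(v))


if __name__ == "__main__":
    print(render_unsafe(STORED))  # markup reaches the browser unchanged
    print(render_safe(STORED))    # markup is shown as inert text
    print(audit(STORED))          # fields worth reviewing on a live device
```

The `audit` helper is a review aid for values already stored on a device; the escaping in `render_safe` is the actual control, since it holds regardless of how the value was written.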



Nothing new here though, I don't know how this is any different than any other `stored` XSS vulnerability.

E.g. you can inject syslog messages with an XSS exploit and when the admin looks at them within a browser you get credentials (if not properly sanitized). This is no rocket science, I see this every day :-(
