
Ektron CMS unauthenticated code execution and Local File Read

Description

Ektron CMS contains two critical vulnerabilities that allow unauthenticated attackers to compromise the application. CVE-2012-5357 enables remote code execution through unsafe XSLT processing, where the application uses XslCompiledTransform with scripting enabled on user-controlled input without requiring authentication. CVE-2012-5358 allows arbitrary file disclosure through the document() function in XSLT transformations, enabling attackers to read sensitive configuration files such as web.config and machine.config. Together, these vulnerabilities provide a complete attack path from unauthenticated access to full system compromise.

Remediation

Immediately upgrade Ektron CMS to the latest patched version that addresses CVE-2012-5357 and CVE-2012-5358. If immediate patching is not possible, implement the following temporary mitigations:

1. Disable XSLT script execution: Ensure XslCompiledTransform is configured with scripting disabled:

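using System.Xml.Xsl;
// XsltSettings(enableDocumentFunction, enableScript): both set to false
XsltSettings settings = new XsltSettings(false, false);
XslCompiledTransform transform = new XslCompiledTransform();
transform.Load(xslPath, settings, null); // null XmlResolver: xsl:import/xsl:include are not resolved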

2. Restrict file access: Set enableDocumentFunction to false in XsltSettings to prevent arbitrary file reads.

3. Add authentication: Implement authentication requirements on all XSLT processing endpoints.

4. Network controls: Restrict access to the CMS administrative interfaces using firewall rules or IP allowlisting until patching is complete.
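The settings from mitigations 1 and 2 applied together, as an added example that is not Ektron's code or part of the original advisory. The `SafeXslt` class, the `Apply` helper and both sample stylesheets are constructed for illustration; the check at the end confirms that a stylesheet calling document() is refused.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

static class SafeXslt
{
    // Hypothetical helper: applies an untrusted stylesheet to inputXml.
    public static string Apply(string stylesheetXml, string inputXml)
    {
        // XsltSettings(enableDocumentFunction, enableScript): both off.
        var settings = new XsltSettings(false, false);
        // Parse with DTDs prohibited and no resolver for external entities.
        var readerSettings = new XmlReaderSettings
            { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };

        var transform = new XslCompiledTransform();
        using (var xsl = XmlReader.Create(new StringReader(stylesheetXml), readerSettings))
            transform.Load(xsl, settings, null); // null: no xsl:import/include fetches

        using (var input = XmlReader.Create(new StringReader(inputXml), readerSettings))
        using (var output = new StringWriter())
        {
            transform.Transform(input, null, output);
            return output.ToString();
        }
    }

    static void Main()
    {
        const string head = "<xsl:stylesheet version='1.0' " +
            "xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>" +
            "<xsl:output method='text'/><xsl:template match='/'>";
        const string tail = "</xsl:template></xsl:stylesheet>";

        // Constructed samples: one ordinary stylesheet, one that calls document().
        string ok = head + "<xsl:value-of select='/page/title'/>" + tail;
        string reads = head + "<xsl:value-of select=\"document('placeholder.xml')\"/>" + tail;

        Console.WriteLine(Apply(ok, "<page><title>Home</title></page>"));
        try { Apply(reads, "<page/>"); Console.WriteLine("NOT blocked"); }
        catch (XsltException e) { Console.WriteLine("blocked: " + e.Message); }
    }
}
```

Catching XsltException around the whole call matters because the refusal is raised while the transform runs, not necessarily when the stylesheet is loaded.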
