| Vulnerability Name: | CVE-2012-2447 (CCN-76819) | ||||||||
| Assigned: | 2012-07-09 | ||||||||
| Published: | 2012-07-09 | ||||||||
| Updated: | 2012-07-10 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-352 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2012-2447 Source: CCN Type: Netsweeper Web site Netsweeper Source: MISC Type: Exploit http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html Source: CCN Type: Packetstorm Security Website Netsweeper WebAdmin Portal CSRF / XSS / SQL Injection Source: CCN Type: SA49801 Netsweeper Cross-Site Scripting and Request Forgery Vulnerabilities Source: CCN Type: US-CERT VU#763795 Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities Source: CERT-VN Type: US Government Resource VU#763795 Source: CCN Type: OSVDB ID: 83698 Netsweeper Admin Addition CSRF Source: CCN Type: BID-54355 Netsweeper Cross Site Scripting and Cross Site Request Forgery Vulnerabilities Source: XF Type: UNKNOWN netsweeper-adminupdate-csrf(76819) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [07-10-2012] Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [09-17-2012] | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||