CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability.
CWE-352: Cross-Site Request Forgery (CSRF)
CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user. The cross-site request forgery (CSRF) vulnerability lies in
A remote unauthenticated attacker may be able to trick an authenticated user into clicking a specially crafted link, resulting in settings modification or privilege escalation.
Apply an Update
CacheGuard NG 1.0.0 has been reported to fix this vulnerability.
Vendor | Status | Date Notified | Date Updated
CacheGuard Technologies Ltd | | 23 Apr 2014 | 05 Sep 2014
Group | Score | Vector
Base | 6.0 | AV:N/AC:M/Au:S/C:P/I:P/A:P
Temporal | 4.7 | E:POC/RL:OF/RC:C
Environmental | 3.5 | CDP:N/TD:M/CR:ND/IR:ND/AR:ND
Thanks to William Costa for reporting this vulnerability.
This document was written by Chris King.