CVE-2015-2248

2015-05-0115:59:04

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-2248

cross-site request forgery

csrf vulnerability

dell sonicwall

secure remote access

sra

hijack authentication

crafted request

cgi-bin/editbookmark

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.

Affected configurations

NVD

Node

sonicwallremote_access_firmwareRange<7.5.1.0-38sv

sonicwallremote_access_firmwareRange8.0.0.0–8.0.0.1-16sv

CPENameOperatorVersion
sonicwall:remote_access_firmwaresonicwall remote access firmwarelt7.5.1.0-38sv
sonicwall:remote_access_firmwaresonicwall remote access firmwarelt8.0.0.1-16sv

CPE	Name	Operator	Version
sonicwall:remote_access_firmware	sonicwall remote access firmware	lt	7.5.1.0-38sv
sonicwall:remote_access_firmware	sonicwall remote access firmware	lt	8.0.0.1-16sv