Lucene search

K

[email protected]NVD:CVE-2013-6883

HistoryDec 17, 2013 - 4:08 p.m.

CVE-2013-6883

2013-12-1716:08:51

CWE-352

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

Affected configurations

NVD

Node

cru-incditto_forensic_fieldstation_firmwareRange≤2013oct15a

AND

cru-incditto_forensic_fieldstationMatch-

References

osvdb.org/100999

packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html

seclists.org/fulldisclosure/2013/Dec/80

secunia.com/advisories/55989

www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a

www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a

www.exploit-db.com/exploits/30396

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

Related for NVD:CVE-2013-6883

prion1 cvelist1 cve1 exploitpack1 packetstorm1 exploitdb1