Lucene search

K

PRIOn knowledge basePRION:CVE-2015-2295

HistoryApr 10, 2015 - 3:00 p.m.

Cross site request forgery (csrf)

2015-04-1015:00:00

PRIOn knowledge base

www.prio-n.com

6

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.806 High

EPSS

Percentile

98.2%

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

CPENameOperatorVersion
pfsensele2.2

References

packetstormsecurity.com/files/131022/pfSense-2.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/534987/100/0/threaded

www.securityfocus.com/bid/73344

www.exploit-db.com/exploits/36506/

www.htbridge.com/advisory/HTB23251

www.pfsense.org/security/advisories/pfSense-SA-15_04.webgui.asc

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.806 High

EPSS

Percentile

98.2%

Related for PRION:CVE-2015-2295

cve1 zdt1 checkpoint_advisories1 htbridge1 openvas1 securityvulns2 packetstorm1 nessus1 exploitpack1 exploitdb1