ID:1253 - Exploit for Cross-site request forgery in Kaspersky Anti-Virus - CVE-2017-9813

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:1253 - Exploit for Cross-site request forgery in Kaspersky Anti-Virus - CVE-2017-9813

ID:1253 - Exploit for Cross-site request forgery in Kaspersky Anti-Virus - CVE-2017-9813

Published: March 18, 2020


Vulnerability identifier: #VU7234
Vulnerability risk: Low
CVE-ID: CVE-2017-9813
CWE-ID: CWE-352
Exploitation vector: Remote access
Vulnerable software:
Kaspersky Anti-Virus

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to improper validation of HTML code from user-supplied input by the Web Management Console. A remote attacker can execute arbitrary scripting code that originate from the site running the Kaspersky Anti-Virus software and will run in the security context of that site and access the target user's cookies (including authentication cookies)

Successful exploitation of the vulnerability may result in cross-site request forgery conducting.

Remediation

Update to version 8.0.4.312.