Main Vulnerability Database Vulnerabilities #VU7234

#VU7234 Cross-site request forgery in Kaspersky Anti-Virus - CVE-2017-9813

Published: June 29, 2017 / Updated: September 14, 2018

Vulnerability identifier: #VU7234

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-9813

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Kaspersky Anti-Virus

Software vendor:
Kaspersky Lab

Description

The vulnerability allows a remote attacker to perform CSRF attacks.

The vulnerability exists due to improper validation of HTML code from user-supplied input by the Web Management Console. A remote attacker can execute arbitrary scripting code that originate from the site running the Kaspersky Anti-Virus software and will run in the security context of that site and access the target user's cookies (including authentication cookies)

Successful exploitation of the vulnerability may result in cross-site request forgery conducting.

Remediation

Update to version 8.0.4.312.

External links

https://support.kaspersky.com/vulnerability.aspx?el=12430#280617

#VU7234 Cross-site request forgery in Kaspersky Anti-Virus - CVE-2017-9813

Description

Remediation

External links

Please verify you're human