#VU8799 Cross-site request forgery in JTC-200 - CVE-2017-5789
Published: October 11, 2017
Vulnerability identifier: #VU8799
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5789
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
JTC-200
JTC-200
Software vendor:
JanTek Electronics
JanTek Electronics
Description
The vulnerability allows a remote authenticated attacker to perform CSRF attack.
The weakness exists due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
The weakness exists due to a lack of cross-site request forgery (CSRF) protection. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.