Main Vulnerability Database Vulnerabilities #VU8010

#VU8010 Cross-site request forgery in Westermo products - CVE-2017-12703

Published: August 25, 2017

Vulnerability identifier: #VU8010

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-12703

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
MRD-455
MRD-355
MRD-315
MRD-305-DIN

Software vendor:
Westermo

Description

The vulnerability allows a remote unauthenticated attacker to perform CSRF attack.

The weakness exists due to a lack of defense against cross-site request forgery (CSRF) attacks. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.

Remediation

Update firmware to version 1.7.7.0

External links

https://ics-cert.us-cert.gov/advisories/ICSA-17-236-01

#VU8010 Cross-site request forgery in Westermo products - CVE-2017-12703

Description

Remediation

External links

Please verify you're human