Published: 2020-03-19   Modified: 2020-03-20

Description:
A CSRF vulnerability exists in NETSAS ENIGMA NMS version 65.0.0 and prior that could allow an attacker to be able to trick a victim into submitting a malicious manage_files.cgi request. This can be triggered via XSS or an IFRAME tag included within the site.

See advisories in our WLB2 database:

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore

6.8/10

6.4/10

8.6/10

Exploit range
Attack complexity
Authentication

Remote

Medium

No required

Confidentiality impact
Integrity impact
Availability impact

Partial

Partial

Partial

 References:

(CVE-2019-16061 –> CVE-2019-16072) Enigma NMS Multiple Vulnerabilities

closedb();
?>


Copyright 2020, cxsecurity.com

 



Source link

You must be logged in to post a comment.