PT-2015-6919 · Watchguard · Watchguard Xcs

Daniel Jensen

Publicado

2015-07-08

Atualizado

2016-11-28

CVE-2015-5452

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Watchguard XCS versions 9.2 through 10.0 before build 150522

Description The issue allows remote attackers to execute arbitrary SQL commands via the sid cookie. This can be achieved by sending a request to the "borderpost/imp/compose.php3" endpoint.

Recommendations For Watchguard XCS versions 9.2 through 10.0 before build 150522, consider updating to a version after build 150522 to resolve the issue. As a temporary workaround, restrict access to the "borderpost/imp/compose.php3" endpoint and avoid using the sid cookie until a patch is available.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2015-5452

Produtos afetados

Watchguard Xcs

PT-2015-6919 · Watchguard · Watchguard Xcs

CVE-2015-5452

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10