PT-2019-8624 · Securifi · Securifi Almond+1
Mandar Satam · Published 2019-06-18 · Updated 2019-06-21
CVE-2017-8337
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Securifi Almond version AL-R096
Securifi Almond+ version AL-R096
Securifi Almond 2015 version AL-R096
Description
The issue allows an attacker to exploit the lack of an Origin header check on the web management interface's websocket endpoint. This enables the attacker to trick a user into navigating to a malicious webpage, brute force the password, and execute actions such as managing rules and sensors attached to the devices using websocket requests.
Recommendations
For Securifi Almond version AL-R096, consider disabling access to the web management interface until a patch is available.
For Securifi Almond+ version AL-R096, restrict access to the websocket requests to minimize the risk of exploitation.
For Securifi Almond 2015 version AL-R096, avoid using the web management interface for sensitive actions until the issue is resolved.
As a temporary workaround, consider implementing additional security measures to prevent brute force attacks on the password for the web management interface.
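The description above concerns a websocket endpoint that completes the handshake regardless of the Origin header, and the recommendations ask for websocket access to be restricted. The following is an added illustration of the server-side check that closes this class of issue, not code from Securifi or from the advisory; the allow-list addresses, the header samples and the `demo()` cases are constructed for the example.

```python
"""Origin allow-list check for a WebSocket handshake (added illustration).

A browser sends an Origin header on every WebSocket handshake. A server that
ignores it accepts connections opened by any web page the user visits, which is
the cross-site websocket behaviour the advisory describes. This checks the
header against an exact allow-list of scheme://host[:port] values.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed allow-list: the device's own management origins (assumed values).
ALLOWED_ORIGINS = {"http://10.10.10.254", "https://10.10.10.254:8443"}


def normalize_origin(origin: str):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    parts = urlsplit(origin.strip())
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment:
        return None  # a real Origin carries no path; reject oddly formed values
    try:
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # non-numeric or out-of-range port
        return None
    return (parts.scheme, parts.hostname.lower(), port)


def origin_allowed(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """True only when the handshake's Origin exactly matches an allowed origin.

    Missing, "null" and unparseable origins are rejected: browsers always send
    the header, so its absence is never a reason to trust the request.
    """
    origin = next((v for k, v in headers.items() if k.lower() == "origin"), None)
    if origin is None or origin.strip().lower() == "null":
        return False
    got = normalize_origin(origin)
    return got is not None and got in {normalize_origin(a) for a in allowed}


def vulnerable_accept(headers: dict) -> bool:
    """What the advisory describes: the upgrade proceeds whatever Origin says."""
    return headers.get("Upgrade", "").lower() == "websocket"


def demo():
    """Constructed handshakes -> (accepted by vulnerable check, accepted by fixed check)."""
    handshakes = {
        "same_origin": {"Upgrade": "websocket", "Origin": "http://10.10.10.254"},
        "default_port_spelled_out": {"Upgrade": "websocket", "Origin": "HTTP://10.10.10.254:80"},
        "other_site": {"Upgrade": "websocket", "Origin": "http://other.example"},
        "suffix_lookalike": {"Upgrade": "websocket", "Origin": "http://10.10.10.254.other.example"},
        "no_origin": {"Upgrade": "websocket"},
        "null_origin": {"Upgrade": "websocket", "Origin": "null"},
    }
    return {name: (vulnerable_accept(h), origin_allowed(h)) for name, h in handshakes.items()}
```

Exact matching of the whole origin tuple, rather than a substring or prefix test on the host, is what makes the `suffix_lookalike` case fail the check.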
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related identifiers
Affected products
Securifi Almond
Securifi Almond-2015