CVE-2017-9810

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus for Linux File Server versions prior to 8.0.4.312

Description The issue is related to the absence of Anti-CSRF tokens in all forms on the web interface of Kaspersky Anti-Virus for Linux File Server. This could allow a remote attacker to send authenticated requests when an authenticated user views an attacker-controlled domain.

Recommendations For versions prior to 8.0.4.312, update to version 8.0.4.312 or later, which includes Maintenance Pack 2 Critical Fix 4, to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.