PT-2017-6617 · Hexis · Hexis Hawkeye G

Hyp3Rlinx +1 · Published 2017-10-23 · Updated 2018-10-09 · CVE-2015-2878

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Hexis HawkEye G version 3.0.1.4912

Description

The issue allows remote attackers to hijack the authentication of administrators for various requests. This can be achieved through multiple cross-site request forgery (CSRF) vulnerabilities. Specifically, attackers can add arbitrary accounts via the name parameter to the "interface/rest/accounts/json" API endpoint. They can also turn off certain sensors, such as Url matching, DNS Inject, or IP Redirect Sensor, in a request to "interface/rest/dpi/setEnabled/1". Furthermore, attackers can perform whitelisting of malware MD5 hash IDs via the id parameter to "interface/rest/md5-threats/whitelist".

Recommendations

For Hexis HawkEye G version 3.0.1.4912, consider disabling access to the "interface/rest/accounts/json", "interface/rest/dpi/setEnabled/1", and "interface/rest/md5-threats/whitelist" API endpoints until a patch is available. Restrict the use of the name and id parameters in these endpoints to minimize the risk of exploitation. Additionally, restrict access to the Url matching, DNS Inject, and IP Redirect Sensor features to prevent them from being turned off by unauthorized requests.
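
Until the endpoints can be disabled or patched, requests to them can be watched for in web or proxy logs. The following is an added example, not part of the advisory or any vendor tooling: it flags requests to the three endpoints named above whose Referer is not the console itself. It assumes a combined-format access log from a proxy in front of the appliance; the hostname `hawkeye.example.internal` and all log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Endpoints named in the advisory (leading slash added for matching).
SENSITIVE_PATHS = (
    "/interface/rest/accounts/json",
    "/interface/rest/dpi/setEnabled/1",
    "/interface/rest/md5-threats/whitelist",
)
# Assumption: hostname administrators use to reach the console.
CONSOLE_HOSTS = {"hawkeye.example.internal"}

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines, not taken from a real appliance.
SAMPLE_LOG = [
    '10.0.5.20 - admin [23/Oct/2017:10:01:02 +0000] "POST /interface/rest/accounts/json HTTP/1.1" 200 87 "https://hawkeye.example.internal/accounts" "Mozilla/5.0"',
    '10.0.5.20 - admin [23/Oct/2017:10:07:41 +0000] "POST /interface/rest/dpi/setEnabled/1 HTTP/1.1" 200 12 "http://untrusted.example/page.html" "Mozilla/5.0"',
    '10.0.5.20 - admin [23/Oct/2017:10:07:42 +0000] "POST /interface/rest/md5-threats/whitelist HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '10.0.5.20 - admin [23/Oct/2017:10:09:00 +0000] "GET /index.html HTTP/1.1" 200 300 "http://untrusted.example/page.html" "Mozilla/5.0"',
]

def referer_verdict(referer):
    """Classify a Referer value as same-origin, cross-origin, or missing."""
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if host in CONSOLE_HOSTS else "cross-origin"

def suspicious_requests(lines):
    """Return (timestamp, client, path, verdict) for requests to the
    advisory's endpoints whose Referer is not the console itself."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected log format
        path = urlsplit(m["target"]).path.rstrip("/")
        if not path.endswith(SENSITIVE_PATHS):  # tolerates a context-root prefix
            continue
        verdict = referer_verdict(m["referer"])
        if verdict != "same-origin":
            hits.append((m["ts"], m["ip"], path, verdict))
    return hits
```

A "missing" verdict is weaker evidence than "cross-origin", since some browsers and privacy settings strip the Referer; review it alongside what changed on the appliance at that timestamp.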

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2015-2878

Affected Products

Hexis Hawkeye G