- Description
- Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20031001:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23C143C9-B4C9-4AED-8698-3A6BAB40E5B6"
},
{
"criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20060921:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEC5A842-DDBB-4140-8A82-D6E5B5443501"
},
{
"criteria": "cpe:2.3:h:esoft:instagate_ex2_utm:firmware_3.1.20070605:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A374FD80-4BDE-4E07-8E72-C651C42C6C28"
}
],
"operator": "OR"
}
]
}
]