CVE-2012-2605
Published Jun 13, 2012
Last updated 12 years ago
Overview
- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bradfordnetworks:network_sentry_appliance_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EF852E8-8717-44E8-93E5-CCC5D5E3D698",
"versionEndIncluding": "5.3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:bradfordnetworks:network_sentry_appliance:ns500rx:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33A75E86-3D97-4276-A281-D290F92E17E2"
},
{
"criteria": "cpe:2.3:h:bradfordnetworks:network_sentry_appliance:ns500x:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2331045-488B-4448-B8C4-641FD3E0483D"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]