CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
88.2%
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.
Vendor | Product | Version | CPE |
---|---|---|---|
sonicwall | remote_access_firmware | * | cpe:2.3:o:sonicwall:remote_access_firmware:*:*:*:*:*:*:*:* |
packetstormsecurity.com/files/131762/Dell-SonicWALL-Secure-Remote-Access-7.5-8.0-CSRF.html
www.scip.ch/en/?vuldb.75111
www.securityfocus.com/bid/73098
www.securitytracker.com/id/1032227
support.software.dell.com/product-notification/151370?productName=SonicWALL%20SRA%20Series
www.exploit-db.com/exploits/36940/