Vendor: XTMv
By: KoreLogic
CVSS: 8.8 (HIGH)
CWE: 352 - Cross-Site Request Forgery (CSRF)
Product Name: XTMv
Affected Version From: v11.12 Build 516911
Affected Version To: v11.12 Build 516911
Patch Exists: YES
Related CWE: N/A
CPE: a:watchguard:xtmv
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Embedded Linux
2017
WatchGuard XTMv User Management Cross-Site Request Forgery
Lack of CSRF protection in the Add User functionality of the XTMv management portal can be leveraged to create arbitrary administrator-level accounts.
Mitigation:
Implement CSRF protection for the Add User functionality of the XTMv management portal.