{"vuid":"VU#241508","idnumber":"241508","name":"CacheGuard OS contains a cross-site request forgery vulnerability","keywords":["cacheguard","csrf","cwe-352"],"overview":"CacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability.","clean_desc":"CWE-352: Cross-Site Request Forgery (CSRF)\nCacheGuard OS v5.7.7 does not sufficiently verify whether a valid request was intentionally provided by the user. The cross-site request forgery (CSRF) vulnerability lies in /gui/password-wadmin.apl","impact":"A remote unauthenticated attacker may be able to trick an authenticated user into clicking a specially crafted link, resulting in settings modification or privilege escalation.","resolution":"Apply an Update\nCacheGuard NG 1.0.0 has been reported to fix this vulnerability.","workarounds":"","sysaffected":"","thanks":"Thanks to William Costa for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://www.cacheguard.com/","http://cwe.mitre.org/data/definitions/352.html"],"cveids":["CVE-2014-4865"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-03-05T18:56:40Z","publicdate":"2014-09-10T00:00:00Z","datefirstpublished":"2014-09-10T15:31:48Z","dateupdated":"2014-09-10T15:31:50Z","revision":8,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"P","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6","cvss_basevector":"AV:N/AC:M/Au:S/C:P/I:P/A:P","cvss_temporalscore":"4.7","cvss_environmentalscore":"3.52111410469744","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}