CVE-2013-6883

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:59

Type Values Removed Values Added
References () http://osvdb.org/100999 - () http://osvdb.org/100999 -
References () http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html - () http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html -
References () http://seclists.org/fulldisclosure/2013/Dec/80 - Exploit () http://seclists.org/fulldisclosure/2013/Dec/80 - Exploit
References () http://secunia.com/advisories/55989 - () http://secunia.com/advisories/55989 -
References () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a - () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a -
References () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a - () http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a -
References () http://www.exploit-db.com/exploits/30396 - () http://www.exploit-db.com/exploits/30396 -

Information

Published : 2013-12-17 16:08

Updated : 2024-11-21 01:59


NVD link : CVE-2013-6883

Mitre link : CVE-2013-6883

CVE.ORG link : CVE-2013-6883


JSON object : View

Products Affected

cru-inc

  • ditto_forensic_fieldstation_firmware
  • ditto_forensic_fieldstation
CWE
CWE-352

Cross-Site Request Forgery (CSRF)