CVE-2015-7925

{"id": "CVE-2015-7925", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2015-12-23T11:59:01.143", "references": [{"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://seclists.org/fulldisclosure/2015/Dec/118", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/79625", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en dispositivos eWON con firmware hasta la versi\u00f3n 10.1s0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para peticiones que desencandenan actualizaciones de firmware, eliminaci\u00f3n de datos de configuraci\u00f3n o un reinicio."}], "lastModified": "2016-12-07T18:25:34.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ewon:ewon_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B6FE7FC-1FA5-4300-B026-053085FF0420", "versionEndIncluding": "10.0s0"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}