CVE-2017-6086

Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2017/05/03/7	Exploit Mailing List Third Party Advisory
https://www.exploit-db.com/exploits/41967/

Configurations

Configuration 1 (hide)

cpe:2.3:a:vimbadmin:vimbadmin:3.0.15:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-06-27 20:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-6086

Mitre link : CVE-2017-6086

CVE.ORG link : CVE-2017-6086

JSON object : View

Products Affected

vimbadmin

vimbadmin

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2017-6086", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-06-27T20:29:01.010", "references": [{"url": "http://www.openwall.com/lists/oss-security/2017/05/03/7", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/41967/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site request forgery (CSRF) en las funciones addAction y purgeAction en ViMbAdmin versi\u00f3n 3.0.15, permiten a los atacantes remotos secuestrar la identificaci\u00f3n de administradores registrados para (1) agregar un usuario administrador por medio de una petici\u00f3n POST especialmente dise\u00f1ada en /application/controllers/DomainController.php, (2) eliminar un usuario administrador por medio de una petici\u00f3n GET especialmente dise\u00f1ada en /application/controllers/DomainController.php, (3) cambiar un administrador contrase\u00f1a por medio de una petici\u00f3n POST especialmente dise\u00f1ada en /application/controllers/DomainController.php, (4) a\u00f1adir un buz\u00f3n por medio de una petici\u00f3n POST especialmente dise\u00f1ada en /application/controllers/MailboxController.php, (5) eliminar un Buz\u00f3n de correo por medio de una petici\u00f3n POST especialmente dise\u00f1ada en /application/controllers/MailboxController.php, (6) archivar una direcci\u00f3n de buz\u00f3n por medio de una petici\u00f3n GET especialment dise\u00f1ada en /application/controllers/ArchiveController.php, (7) a\u00f1adir una direcci\u00f3n de alias por medio de una petici\u00f3n POST especialmente dise\u00f1ada en /application/controllers/AliasController.php, o (8) eliminar una direcci\u00f3n de alias por medio de una petici\u00f3n GET especialmente dise\u00f1ada en /application/controllers/AliasController.php."}], "lastModified": "2017-08-16T01:29:18.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vimbadmin:vimbadmin:3.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E264D9F-A7D6-4DCA-AE55-AFB9CD71B3EC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}