Published: 23/10/2017 Updated: 09/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote malicious users to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
watchguard hawkeye g 3.0.1.4912

# Exploit Title: CSRF, Network Threat Appliance IDS / IPS # Google Dork: intitle: CSRF Network Threat Appliance IDS / IPS # Date: 2015-07-24 # Exploit Author: John Page ( hyp3rlinx ) # Website: hyp3rlinxaltervistaorg # Vendor Homepage: wwwhexiscybercom # Software Link: wwwhexiscybercom/products/hawkeye-g # Version: v3014912 # Tested on ...

Hawkeye-G version 3014912 suffers from multiple cross site request forgery vulnerabilities ...

CWE-352 https://www.exploit-db.com/exploits/37686/http://www.securityfocus.com/archive/1/536076/100/0/threaded http://www.securityfocus.com/archive/1/536074/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/37686/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-2878

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect