CVE-2018-19525

Published: 21/03/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
systrome cumilon isg-600c firmware 1.1-r2.1
systrome cumilon isg-600h firmware 1.1-r2.1
systrome cumilon isg-800w firmware 1.1-r2.1

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from a cross site request forgery vulnerability ...

===================================================== Authenticated XSRF leads to complete Account Takeover ===================================================== contents:: Table Of Content Overview ======== Title:- Authenticated XSRF leads to complete account takeover in all SYSTORME ISG Products CVE ID:- CVE-2018-19525 Author: Kaustubh G P ...

CWE-352 CWE-79 http://seclists.org/fulldisclosure/2019/Feb/31 http://packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html https://www.breakthesec.com/2019/02/cve-2018-19525-account-takeover-via.html https://s3curityb3ast.github.io/KSA-Dev-002.md https://nvd.nist.gov http://seclists.org/fulldisclosure/2019/Feb/31

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-19525

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect