0 Results Found
            Back To Results
              Advisory

              Carbon Black Cross-Site Request Forgery (CSRF)

              Dell SecureWorks Security Advisory SWRX-2014-007

              Advisory Information

              • Title: Carbon Black Cross-Site Request Forgery (CSRF)
              • Advisory ID: SWRX-2014-007
              • Date published: Tuesday, April 1, 2014
              • CVE: CVE-2014-1615
              • CVSS v2 base score: 5.1
              • Date of last update: Tuesday, April 1, 2014
              • Vendors contacted: Carbon Black
              • Release mode: Coordinated
              • Discovered by: Dana James Traversie, Dell SecureWorks

              Summary

              Carbon Black is an endpoint security solution that provides administrative functionality and other features via a dedicated web application. Multiple vulnerabilities in the Carbon Black web application could allow an unauthenticated remote attacker to conduct cross-site request forgery (CSRF) attacks. These vulnerabilities are due to insufficient or missing CSRF protections. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link or visit an attacker-controlled website.

              Dell SecureWorks researchers created a proof of concept video to illustrate the vulnerability, the exploit, and its outcome.

              Download the PDF: SWRX-2014-007

              PGP Signature

              Related Content