                Carbon Black Cross-Site Request Forgery (CSRF)

                Dell SecureWorks Security Advisory SWRX-2014-007

                Advisory Information

                • Title: Carbon Black Cross-Site Request Forgery (CSRF)
                • Advisory ID: SWRX-2014-007
                • Date published: Tuesday, April 1, 2014
                • CVE: CVE-2014-1615
                • CVSS v2 base score: 5.1
                • Date of last update: Tuesday, April 1, 2014
                • Vendors contacted: Carbon Black
                • Release mode: Coordinated
                • Discovered by: Dana James Traversie, Dell SecureWorks

                Summary

                Carbon Black is an endpoint security solution that provides administrative functionality and other features via a dedicated web application. Multiple vulnerabilities in the Carbon Black web application could allow an unauthenticated remote attacker to conduct cross-site request forgery (CSRF) attacks. These vulnerabilities are due to insufficient or missing CSRF protections. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link or visit an attacker-controlled website.

                Dell SecureWorks researchers created a proof-of-concept video to illustrate the vulnerability, the exploit, and its outcome.
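
A generic server-side CSRF check of the kind the summary describes as insufficient or missing, added here as an illustration; it is not taken from the advisory or from Carbon Black's code. The console origin, the `X-CSRF-Token` header name, the key handling and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)         # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://console.example"   # hypothetical console origin
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}    # must never change server state

def issue_csrf_token(session_id: str) -> str:
    """Token = HMAC(server key, session id), so it is useless in any other session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict) -> bool:
    """Compare Origin (Referer as fallback) with the console's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def check_request(method: str, headers: dict, session_id: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a request that carries a valid session cookie."""
    if method in SAFE_METHODS:
        return True, "safe method"
    if not same_origin(headers):
        return False, "cross-origin or missing Origin/Referer"
    supplied = headers.get("X-CSRF-Token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time comparison
        return False, "missing or invalid CSRF token"
    return True, "ok"

# Constructed requests; the browser attaches the user's session cookie to each one.
SESSION = "user-session-id"
CROSS_SITE = {"Origin": "https://other-site.example"}
WRONG_SESSION_TOKEN = {"Origin": TRUSTED_ORIGIN,
                       "X-CSRF-Token": issue_csrf_token("another-session-id")}
LEGITIMATE = {"Origin": TRUSTED_ORIGIN, "X-CSRF-Token": issue_csrf_token(SESSION)}

if __name__ == "__main__":
    for name, hdrs in [("cross-site", CROSS_SITE),
                       ("token from another session", WRONG_SESSION_TOKEN),
                       ("legitimate", LEGITIMATE)]:
        print(f"{name}: {check_request('POST', hdrs, SESSION)}")
```

A session cookie alone authorizes none of the state-changing requests here; a token that is not bound to the session would let the second case through.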
