Syneto Unified Threat Management Cross Site Request Forgery Vulnerability

Bugtraq ID:	51707
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 27 2012 12:00AM
Updated:	Jan 27 2012 12:00AM
Credit:	Vulnerability Research Laboratory
Vulnerable:	Syneto Unified Threat Management 1.4.2 Syneto Unified Threat Management 1.3.3 Community Edition
Not Vulnerable:

Syneto Unified Threat Management Cross Site Request Forgery Vulnerability

Syneto Unified Threat Management is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.

Syneto Unified Threat Management 1.3.3 CE and 1.4.2 are vulnerable; other versions may also be affected.

Syneto Unified Threat Management Cross Site Request Forgery Vulnerability

To exploit this issue, an attacker must entice an unsuspecting victim to follow a malicious URI or visit a malicious website.