BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

EZGenerator Cross-Site Request Forgery

Disclosed January 8, 2014    Zeroday : 288 days

Vulnerability Description:

EZGenerator contains a cross-site request forgery vulnerability, which could allow attackers to execute arbitrary administrative actions if a user clicked on a malicious link from the attacker.

Vendors:

Image-Line

Vulnerable Software/Devices:

EZGenerator

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Cross-Site Request Forgery
Exploitation of this vulnerability is possible via forged HTML forms, sent to a victim through a number of different attack vectors (including malicious links). Attackers who successfully exploit this vulnerability may be able execute administrative actions.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 32331 - EZGenerator Cross-Site Request Forgery (20140109) (Zero-Day)
  • 32332 - EZGenerator Cross-Site Request Forgery (20140109) (Zero-Day) - x64

Mitigation:

No mitigation is available.

Links:

CVE(s):

None