BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

HP 2620 Switch Series Cross-Site Request Forgery

Disclosed September 26, 2013    Zeroday : 392 days

Vulnerability Description:

HP 2620 switches are vulnerable to a cross-site request forgery vulnerability, which could allow attackers to execute arbitrary administrative actions if a user clicked on a malicious link from the attacker.

Vendors:

HP

Vulnerable Software/Devices:

HP 2620 Switch Series RA 15.05.0006 and possibly other versions

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Cross-Site Request Forgery
Exploitation of this vulnerability is possible via forged HTML forms, sent to a victim through a number of different attack vectors (including malicious links). Attackers who successfully exploit this vulnerability may be able execute administrative actions.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 32339 - HP 2620 Switch Series Cross-Site Request Forgery (20140109) (Zero-Day)

Mitigation:

No mitigations are currently available.

Links:

CVE(s):