CVE-2010-2594 — MEDIUM (6.8)

Q: How severe is CVE-2010-2594?

CVE-2010-2594 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2594?

Check the references section above for vendor advisories and patch information. Affected products include: Intersect Alliance Snare Agent, Sun Solaris, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.

Vulnerability Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Intersect Alliance	Snare Agent	<= 3.2.3
Sun	Solaris	All versions
Microsoft	Windows 2000	All versions
Microsoft	Windows 2003 Server	All versions
Microsoft	Windows Xp	All versions
Linux	Linux Kernel	-
Sgi	Irix	All versions
Intersect Alliance	Snare Epilog	<= 1.5.3
Microsoft	Windows	All versions
Unix	Unix	All versions
Ibm	Aix	All versions
Microsoft	Windows 7	All versions
Microsoft	Windows Server 2008	-
Microsoft	Windows Vista	All versions

Related Weaknesses (CWE)

CWE-352

References

http://holisticinfosec.org/content/view/144/45/Third Party Advisory
http://secunia.com/advisories/39562Broken Link
http://www.kb.cert.org/vuls/id/173009Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/41226Third Party AdvisoryVDB Entry
http://holisticinfosec.org/content/view/144/45/Third Party Advisory
http://secunia.com/advisories/39562Broken Link
http://www.kb.cert.org/vuls/id/173009Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/41226Third Party AdvisoryVDB Entry

FAQ

What is CVE-2010-2594?

CVE-2010-2594 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Sna...

How severe is CVE-2010-2594?

CVE-2010-2594 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2594?

Check the references section above for vendor advisories and patch information. Affected products include: Intersect Alliance Snare Agent, Sun Solaris, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Xp.