Vulnerability Description
Multiple modules of MailSherlock MSR35 and MSR45 are affected by a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via `useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn=` without any authorization.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Msr35 Isherlock-Base | < 1.5.328 |
| Hgiga | Msr35 Isherlock-Sysinfo | < 1.5.196 |
| Hgiga | Msr35 Isherlock-User | < 1.5.127 |
| Hgiga | Msr35 Isherlock-Useradmin | < 1.5.239 |
| Hgiga | Msr45 Isherlock-Base | < 4.5-206 |
| Hgiga | Msr45 Isherlock-Sysinfo | < 4.5-109 |
| Hgiga | Msr45 Isherlock-User | < 4.5-81 |
| Hgiga | Msr45 Isherlock-Useradmin | < 4.5-106 |
Related Weaknesses (CWE)
References
- http://surl.twcert.org.tw/mChNi (Exploit, Third Party Advisory)
- https://tvn.twcert.org.tw/taiwanvn/TVN-201904003 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-9883?
CVE-2019-9883 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple modules of MailSherlock MSR35 and MSR45 are affected by a CSRF vulnerability. It allows an attacker to elevate the privilege of a specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_ac...
How severe is CVE-2019-9883?
CVE-2019-9883 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-9883?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Msr35 Isherlock-Base, Hgiga Msr35 Isherlock-Sysinfo, Hgiga Msr35 Isherlock-User, Hgiga Msr35 Isherlock-Useradmin, Hgiga Msr45 Isherlock-Base.