CVE-2012-4051
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| jamf | casper_suite | up to and including 8.6 | 8.61 |
| jamf | casper_suite | 7.0 | 8.61 |
| jamf | casper_suite | 7.1 | 8.61 |
| jamf | casper_suite | 7.2 | 8.61 |
| jamf | casper_suite | 7.3 | 8.61 |
| jamf | casper_suite | 8.0 | 8.61 |
| jamf | casper_suite | 8.1 | 8.61 |
| jamf | casper_suite | 8.2 | 8.61 |
| jamf | casper_suite | 8.3 | 8.61 |
| jamf | casper_suite | 8.4 | 8.61 |
| jamf | casper_suite | 8.5 | 8.61 |
| jamf | casper_suite | 8.43 | 8.61 |
| jamf | casper_suite | 8.51 | 8.61 |
References
- http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html
- http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
- http://www.kb.cert.org/vuls/id/555668
CWEs
CWE-352