Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as demonstrated by a request with the swuuser and swupass parameters, which adds an administrator account. NOTE: the CSRF attack has no timing window because there is no logout capability in the management interface.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Check Point VPN-1 UTM Edge 跨站请求伪造漏洞
Vulnerability Description
Check Point VPN-1 UTM Edge中的Check Point VPN-1 Edge X Embedded NGX 7.0.33x中管理界面的pop/WizU.html存在跨站请求伪造漏洞。远程攻击者可以作为管理员身份执行特权操作,例如swuuser和swupass参数的请求可以增加管理员账号。
CVSS Information
N/A
Vulnerability Type
N/A