CVE-2013-6883

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
cru-incditto_forensic_fieldstation_firmware
𝑥
≤ 2013oct15a
cru-incditto_forensic_fieldstation
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/100999
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a
http://www.exploit-db.com/exploits/30396
http://osvdb.org/100999
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html
http://seclists.org/fulldisclosure/2013/Dec/80
http://secunia.com/advisories/55989
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a
http://www.exploit-db.com/exploits/30396