Computer Security


Forescout NAC multiple security vulnerabilities
updated since 03.12.2012
Published: 10.12.2012
Source:
SecurityVulns ID: 12740
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, protection bypass.
Affected: FORESCOUT: Forescout NAC 6.3
CVE: CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets.)
 CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.)
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.)
Original document: Joseph Sheridan, Forescout NAC (Network Access Control) multiple vulnerabilities (10.12.2012)
 Joseph Sheridan, Forescout NAC multiple vulnerabilities (03.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod