I. VULNERABILITY ------------------------- CSRF vulnerabilities in CacheGuard-OS v5.7.7 II. BACKGROUND ------------------------- CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL filtering, proxy, high availability, content filtering, bandwidth saving, bandwidth shaping, Quality of Service and more. III. DESCRIPTION ------------------------- Has been detected a CSRF vulnerability in CacheGuard in "/gui/password-wadmin.apl" IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter any csrf_token "/gui/password-wadmin.apl".

V. BUSINESS IMPACT ------------------------- CSRF allow the execution attackers to modify settings or change password of user administrator in CacheGuard, because this functions are not protected by CSRF-Tokens. VI. REQUIREMENTS ----------------------- An Attacker needs to know the IP of the device. An Administrator needs an authenticated connection to the device. VII. SYSTEMS AFFECTED ------------------------- Try CacheGuard-OS v5.7.7 VIII. SOLUTION ------------------------- All functions must be protected by CSRF-Tokens. http://www.kb.cert.org/vuls/id/241508 By William Costa william.costa no spam gmail.com