ConnectWise Control 跨站请求伪造漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1929104 漏洞类型 跨站请求伪造
发布时间 2020-01-23 更新时间 2020-02-19
CVE编号 CVE-2019-16513 CNNVD-ID CNNVD-202001-1062
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-1062
|漏洞详情
ConnectWise Control 19.3.25270.7185版本中存在跨站请求伪造漏洞。攻击者可通过发送API请求利用该漏洞修改用户的Control账户。
|参考资料

来源:blog.huntresslabs.com

链接:https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34


来源:know.bishopfox.com

链接:https://know.bishopfox.com/advisories


来源:know.bishopfox.com

链接:https://know.bishopfox.com/advisories/connectwise-control


来源:www.crn.com

链接:https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox


来源:www.crn.com

链接:https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox


来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-16513