CVE-2013-6883 : Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStati

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

Published 2013-12-17 16:08:51

Updated 2014-01-14 04:29:25

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Products affected by CVE-2013-6883

Cru-inc » Ditto Forensic Fieldstation Firmware
Versions up to, including, (<=) 2013oct15a
cpe:2.3:o:cru-inc:ditto_forensic_fieldstation_firmware:*:*:*:*:*:*:*:*
Matching versions
Cru-inc » Ditto Forensic Fieldstation » Version: N/A
cpe:2.3:h:cru-inc:ditto_forensic_fieldstation:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6883

EPSS FAQ

5.32%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6883

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-6883

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6883

http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013oct15a

Ditto Firmware Release Notes 2013Oct15a - CRU
http://www.exploit-db.com/exploits/30396

Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities - PHP webapps Exploit

CVEs referencing this url
http://www.cru-inc.com/support/software-downloads/ditto-firmware-updates/ditto-firmware-release-notes-2013jun30a

Ditto Firmware Release Notes 2013Jun30a - CRU
http://seclists.org/fulldisclosure/2013/Dec/80

Full Disclosure: Ditto Forensic FieldStation, multiple vulnerabilities
Exploit

CVEs referencing this url
http://packetstormsecurity.com/files/124420/Ditto-Forensic-FieldStation-2013Oct15a-XSS-CSRF-Command-Execution.html

Ditto Forensic FieldStation 2013Oct15a XSS/ CSRF / Command Execution ≈ Packet Storm

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-6883

Products affected by CVE-2013-6883

Exploit prediction scoring system (EPSS) score for CVE-2013-6883

CVSS scores for CVE-2013-6883

CWE ids for CVE-2013-6883

References for CVE-2013-6883