Secure Computing SnapGear Management Console SG560 Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Secure Computing SnapGear Management Console SG560 version 3.1.5. This vulnerability allows attackers to perform administrative actions without user consent. By crafting a malicious web page that a logged-in user visits, an attacker can automatically submit a form to create a new super user account with full administrative privileges.

Impact

Exploitation of this vulnerability allows for unauthorized administrative actions to be performed, including the creation of super user accounts with full privileges.

Reproduction

To reproduce this vulnerability, an attacker must persuade a logged-in user to visit a malicious web page. This page should be crafted to automatically submit a form to the SnapGear Management Console's admin users interface, including the necessary fields to create a new super user account. Once the form is submitted, the new account will be created with administrative rights.
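The forged request described above comes from a page on another site, so its Origin (or Referer) header does not match the console's own origin. The following is an added example, not code from the advisory or the vendor, of a server-side check that rejects such requests. The console address and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for illustration; the advisory gives no address or path.
CONSOLE_ORIGIN = "https://192.0.2.10"   # constructed (TEST-NET-1) console address
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url)
        port = parts.port               # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return (scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme])


def allow_request(method, headers, trusted=CONSOLE_ORIGIN):
    """Accept a state-changing request only if it was sent from the console's own pages."""
    if method.upper() not in UNSAFE_METHODS:
        return True                     # reads are not the concern here
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False                    # fail closed when neither header is present
    claimed = origin_of(source)         # "null" and malformed values yield None
    return claimed is not None and claimed == origin_of(trusted)


# Constructed sample requests: (method, headers)
SAMPLES = [
    ("POST", {"Origin": "https://192.0.2.10"}),                       # console's own form
    ("POST", {"Origin": "https://other-site.example"}),               # cross-site submission
    ("POST", {"Referer": "https://192.0.2.10.other-site.example/p"}), # look-alike host
    ("POST", {"Origin": "null"}),                                     # opaque origin
    ("POST", {}),                                                     # no source header
    ("GET", {"Origin": "https://other-site.example"}),                # safe method
]


def evaluate_samples():
    return [allow_request(method, headers) for method, headers in SAMPLES]
```

An origin check of this kind is normally used alongside a per-session anti-CSRF token in each state-changing form, not instead of one.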

Added: Jan 6, 2026, 4:51 PM
Updated: Jan 6, 2026, 4:51 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 5.0
exploitability: 7.9
remediation: 0.0
relevance: 1.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.