FSC-2020-1
CSRF Vulnerability in Web Interface of Linux Security
More information
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the web user interface of F-Secure Linux Security. An unauthenticated user can send the CSRF request to the web user interface. A successful attack can lead to the product settings being disabled remotely through the web interface. These include antivirus, the firewall, and the integrity protection settings.
This issue and a Proof-of-Concept exploit were reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
Contributors
F-Secure Corporation would like to thank Tomas Bortoli (tomasbortoli@gmail.com) for bringing this issue to our attention.
- Description: A vulnerability in the web user interface of F-Secure Linux Security can lead to product settings being disabled remotely.
- Status: Resolved
- Risk level: Medium
- Fix: Hotfix 9 was published to fix this vulnerability. Download and instructions at: https://www.f-secure.com/en/business/downloads/linux-security
- Affected products: Corporate Products: F-Secure Linux Security Version 11.00, F-Secure Linux Security Version 11.10
- Platforms: All supported platforms of the affected products
- Date issued: 19/5/2020