Unison Software
CVE-2023-39412
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.
AnalysisAI
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. Affected products include: Intel Unison Software.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
More in Unison Software
View allImproper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalatio
Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation
Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentia
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of pr
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of
Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of p
Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable deni
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of servic
Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial o
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today