Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry. See the CWE/SANS Top 25 list for more information.
Summary
Title JAMF Software Casper Suite contains a cross-site request forgery vulnerability
Information
Name: VU#555668
Vendor: VU-CERT
First vendor publication: 2012-09-24
Last vendor modification: 2012-09-25
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact sub score: NA
Temporal score: NA
Exploitability sub score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
CVSS impact score: 6.4
CVSS exploit score: 8.6
Attack range: Network
Attack complexity: Medium
Authentication: None required

Detail

Vulnerability Note VU#555668

JAMF Software Casper Suite contains a cross-site request forgery vulnerability

Original Release date: 24 Sep 2012 | Last revised: 25 Sep 2012

Overview

JAMF Software's Casper Suite is susceptible to a cross-site request forgery (CSRF) (CWE-352) vulnerability.

Description

JAMF Software's Casper Suite, a Mac OS X and iOS client management framework, contains a cross-site request forgery (CSRF) (CWE-352) vulnerability. The reporter provided a proof-of-concept that created a new user and modified the password for an existing user.

Impact

By convincing a logged-in user to follow a specially crafted URL, an attacker may be able to execute commands in the context of that user.

Solution

Apply an Update

Casper Suite 8.61 has been released to address this vulnerability. Users should contact JAMF Software to obtain this version.

If you cannot update for whatever reason, please consider the following workarounds.

Do not click on links

Do not follow links from emails or instant messages. Always access the management interface by typing in the web address or using a known good bookmark.

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing the site using stolen credentials from a blocked network location.
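To make the Description and the "Restrict access" note concrete, the following is an added example (not code from the vulnerability note or from JAMF Software) that models a management console's password-change endpoint twice: once authorising purely on the session cookie, which is the CWE-352 pattern, and once with a per-session synchronizer token and an Origin header check, which is the standard fix. The console state, the session and token values, the trusted origin, the allowlisted host addresses and the endpoint path are all constructed for the illustration. The request simulating an auto-submitted cross-site form arrives from the victim's own allowlisted workstation, which is why the host-restriction check in both handlers lets it through.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumptions for the example: the console's own origin and the hosts it allows.
TRUSTED_ORIGIN = "https://mdm.example.internal"
TRUSTED_HOSTS = {"10.0.0.5"}  # the administrator's workstation (constructed)


@dataclass
class Console:
    """Constructed stand-in for a management console's server-side state."""
    sessions: dict = field(default_factory=lambda: {"sess-victim": "admin"})
    passwords: dict = field(default_factory=lambda: {"admin": "original"})
    csrf_tokens: dict = field(default_factory=dict)

    def issue_token(self, session_id):
        # Synchronizer token: random, bound to the session, embedded in the
        # console's own forms, unreadable to a page on another origin.
        token = secrets.token_hex(16)
        self.csrf_tokens[session_id] = token
        return token


@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)
    client_ip: str = "10.0.0.5"  # a browser on the allowlisted workstation


def _apply(console, req):
    """The privileged state change both handlers guard."""
    if req.method == "POST" and req.path == "/users/password":
        console.passwords[req.form["user"]] = req.form["password"]
        return 200
    return 404


def handle_unprotected(console, req):
    """Vulnerable pattern (CWE-352): host allowlist plus session cookie only.
    The browser attaches the cookie to cross-site requests automatically."""
    if req.client_ip not in TRUSTED_HOSTS:
        return 403
    if console.sessions.get(req.cookies.get("session")) is None:
        return 401
    return _apply(console, req)


def handle_protected(console, req):
    """Hardened pattern: same checks, plus Origin and synchronizer token
    validation on every state-changing request."""
    if req.client_ip not in TRUSTED_HOSTS:
        return 403
    session_id = req.cookies.get("session")
    if console.sessions.get(session_id) is None:
        return 401
    if req.method == "POST":
        origin = req.headers.get("Origin")
        if origin is not None and origin != TRUSTED_ORIGIN:
            return 403
        expected = console.csrf_tokens.get(session_id, "")
        supplied = req.form.get("csrf_token", "")
        # Constant-time compare; an empty expected token is never accepted.
        if not expected or not hmac.compare_digest(expected, supplied):
            return 403
    return _apply(console, req)


def cross_site_request():
    """What the victim's browser emits when a page on another origin
    auto-submits a form: the session cookie rides along, Origin names the
    other site, and no token is present because that page cannot read one."""
    return Request("POST", "/users/password",
                   cookies={"session": "sess-victim"},
                   form={"user": "admin", "password": "not-chosen-by-admin"},
                   headers={"Origin": "https://other-site.example"})


def legitimate_request(token):
    """A change submitted from the console's own form."""
    return Request("POST", "/users/password",
                   cookies={"session": "sess-victim"},
                   form={"user": "admin", "password": "set-by-admin",
                         "csrf_token": token},
                   headers={"Origin": TRUSTED_ORIGIN})


def run_scenario():
    """Drive both handlers and report status codes and resulting state."""
    results = {}
    console = Console()
    results["unprotected_cross_site"] = handle_unprotected(console, cross_site_request())
    results["unprotected_password"] = console.passwords["admin"]
    console = Console()
    token = console.issue_token("sess-victim")
    results["protected_cross_site"] = handle_protected(console, cross_site_request())
    results["protected_password_after_cross_site"] = console.passwords["admin"]
    results["protected_legitimate"] = handle_protected(console, legitimate_request(token))
    results["protected_password_after_legitimate"] = console.passwords["admin"]
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The token check alone is sufficient against CSRF; the Origin check is a cheap second layer that also catches misconfigured forms. Neither depends on where the request comes from, which is the point of the note above: the allowlist check passes in both handlers because the forged request is sent by the legitimate user's browser.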

Vendor Information

Vendor: JAMF software
Status: Affected
Date notified: 15 Aug 2012
Date updated: 24 Sep 2012
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Base: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Temporal: 5.8 (E:POC/RL:W/RC:C)
Environmental: 5.8 (CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)

References

  • http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf
  • http://jamfsoftware.com/products/casper-suite
  • http://cwe.mitre.org/data/definitions/352.html
  • http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html

Credit

Thanks to Jacob Holcomb for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-4051
  • Date Public: 24 Sep 2012
  • Date First Published: 24 Sep 2012
  • Date Last Updated: 25 Sep 2012
  • Document Revision: 21

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Original Source

URL: http://www.kb.cert.org/vuls/id/555668

CWE : Common Weakness Enumeration

100% CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type: Application
Count: 13

ExploitDB Exploits

2012-09-27: JAMF Casper Suite MDM CSRF Vulnerability