Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3733Cross-Site Request Forgery in Cisco Security Monitoring Analysis AND Response System

CWE-264CWE-352Cross-Site Request Forgery7 documents4 sources
Severity
7.6HIGHNVD
NVD7.5CNA7.5
EPSS
16.3%
top 5.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Security Monitoring Analysis AND Response System
Timeline
PublishedJul 21
Latest updateMay 1

Description

jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.cisco.comPatch: www.securityfocus.comPatch: www.cisco.com

🔴Vulnerability Details

4
GHSA
GHSA-rw9w-8p85-7w9m: jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response Syste2022-05-01
GHSA
GHSA-r86m-hxp8-3mvw: Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administr2022-05-01
CVEList
CVE-2007-1157: Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administr2007-02-27
CVEList
CVE-2006-3733: jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response Syste2006-07-19

💥Exploits & PoCs

1
Exploit-DB
Cisco Security Monitoring Analysis and Response System JBoss - Command Execution2006-07-19
CVE-2006-3733 — Cross-Site Request Forgery in Cisco | cvebase