CVE-2016-10206: CSRF
First published: Fri Mar 03 2017(Updated: )
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZoneMinder | <=1.30.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-10206?
CVE-2016-10206 has a medium severity rating due to its potential to hijack user authentication for critical actions.
How do I fix CVE-2016-10206?
To fix CVE-2016-10206, upgrade to the latest version of ZoneMinder beyond 1.30.0 as it contains patches for this vulnerability.
What type of attack does CVE-2016-10206 involve?
CVE-2016-10206 involves a cross-site request forgery (CSRF) attack that can lead to unauthorized password changes.
Which versions of ZoneMinder are affected by CVE-2016-10206?
ZoneMinder versions 1.30.0 and earlier are affected by CVE-2016-10206.
What impact can CVE-2016-10206 have on users?
The impact of CVE-2016-10206 includes the risk of remote attackers hijacking authentication to perform actions like changing user passwords.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zoneminder
- canonical/zoneminder
- version/zoneminder/1.30.0