CVE-2024-0555

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : LOW
User interaction : REQUIRED
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 8
Base severity : HIGH
Exploitability score : 2.1
Impact score : 5.9