LANDesk Management Gateway Multiple Security Vulnerabilities

LANDesk Management Gateway is prone to a cross-site request-forgery vulnerability and a cross-site scripting vulnerability.

An attacker can exploit the cross-site request forgery issue to alter the settings on affected devices. This may lead to further network-based attacks, including command-injection attacks to the device's underlying operating system, which can lead to a complete compromise of a vulnerable device.

The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible.


 

Privacy Statement
Copyright 2010, SecurityFocus