CVE-2012-4982 Scanner
Detects the 'Open Redirect' vulnerability in the Forescout CounterACT NAC device, which affects versions before 7.0.
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
The Forescout CounterACT NAC device is a security solution designed to protect enterprise networks from cyber threats. Its primary purpose is to perform network access control, which means that it allows only authorized users and devices to gain access to an organization's network resources. The device can be deployed as a standalone appliance or as a virtual machine on a server.
One of the vulnerabilities detected in the Forescout CounterACT NAC device is CVE-2012-4982, an open redirect vulnerability located in assets/login in versions before 7.0. When exploited, it lets remote attackers redirect users to arbitrary websites and conduct phishing attacks through a URL in the "a" parameter. It can be exploited remotely, without any authentication, which poses a significant risk to the organization.
The exploitation of CVE-2012-4982 can lead to several severe impacts for organizations. For instance, attackers can redirect unsuspecting users to phishing websites, which can result in loss of sensitive information such as login credentials. Furthermore, attackers can use this vulnerability to launch attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF), or even to distribute malware to the user's machine or the network.
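As an added example (not part of the original page or the scanner's own code), an asset owner can review web access logs for requests to assets/login whose "a" parameter points off the appliance. The combined log format, the trusted hostname and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostname(s) of the appliance itself; redirects to these are expected.
TRUSTED_HOSTS = {"nac.corp.example"}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /assets/login?a=%2Fstatus HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /assets/login?a=https%3A%2F%2Fportal.example%2Fsignin HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:09 +0000] "GET /assets/login?a=%2F%2Fportal.example HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /assets/login?a=https%3A%2F%2Fnac.corp.example%2Fhome HTTP/1.1" 302 0',
]

def external_target(value):
    """Return the off-site host a redirect value points to, or None."""
    # Browsers treat backslashes like slashes, so normalise before parsing.
    candidate = value.strip().replace("\\", "/")
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return "<unparsable>"   # malformed authority: flag for manual review
    if host is None:            # relative path: stays on the appliance
        return None
    return None if host.lower() in TRUSTED_HOSTS else host.lower()

def find_redirect_attempts(log_lines):
    """Return (line_no, host) for assets/login requests whose 'a' leaves the site."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.rstrip("/").endswith("/assets/login"):
            continue
        for value in parse_qs(url.query).get("a", []):
            host = external_target(value)
            if host:
                hits.append((no, host))
    return hits

if __name__ == "__main__":
    for line_no, host in find_redirect_attempts(SAMPLE_LOG):
        print(f"line {line_no}: 'a' parameter redirects to external host {host}")
```

The same host comparison, applied server-side before the redirect is issued, is the usual mitigation for this class of flaw where upgrading is not immediately possible.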
Thanks to the pro features of the s4e.io platform, users can easily and quickly assess the vulnerability status of their digital assets and gain insights into best practices to protect against cyber threats. With this platform, users can scan their digital assets for vulnerabilities and receive actionable reports that provide detailed information about detected vulnerabilities. Overall, the S4E platform is a valuable tool for organizations that want to ensure the security of their digital assets.