CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2738

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile30.32th
PublishedAug 11, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

Affected Platforms (CPE)

๐Ÿ“ฆ
Freenas

Freenas

<= 0.69.2
๐Ÿ“ฆ
Freenas

Freenas

= 0.69.1

References & Advisories

๐Ÿ”— http://jvn.jp/en/jp/JVN15267895/index.html
๐Ÿ”— http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html
๐Ÿ”— http://www.freenas.org/index.php?option=com_frontpage&Itemid=22
๐Ÿ”— http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html
๐Ÿ”— http://jvn.jp/en/jp/JVN15267895/index.html
๐Ÿ”— http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html
๐Ÿ”— http://www.freenas.org/index.php?option=com_frontpage&Itemid=22
๐Ÿ”— http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html

Related Vulnerabilities

CVE-2014-53349.8

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui log...

CVE-2020-116507.5

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of serv...

CVE-2009-27394.3

Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML v...

CVE-2010-20059

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated commandโ€execution backdoor in its web interface. The exec_raw.php...