CSRF Vulnerability in Web Interface of Linux Security
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the web user interface of F-Secure Linux Security. An unauthenticated user can send the CSRF request to the web user interface. A successful attack can lead to the product settings being disabled remotely through the web interface. These include antivirus, the firewall, and the integrity protection settings.
This issue and a Proof-of-Concept exploit was reported privately to F-Secure as part of our Vulnerability Reward Program. No known attacks have been reported or observed in the wild.
F-Secure Corporation would like to thank Tomas Bortoli (firstname.lastname@example.org) for bringing this issue to our attention.