LANDesk Gateway Web Interface Command Injection Exploit

The LANDesk web application does not sufficiently verify that a well-formed request was created by the user whose browser submitted it. Using this flaw, an external remote attacker can mount a Cross-Site Request Forgery attack through a user with a LANDesk session to run arbitrary code as the gsbadmin user (the user running the web server). The gsbadmin user has sudo privileges.
Exploit type: 
Platform: 
Vulnerability ID: CVE-2010-2892
Product Version: 11.0
Released Date: Thursday, January 13, 2011 - 00:00