Silver Peak VX version 126.96.36.199_47968 is vulnerable to cross-site request forgery and cross-site scripting.
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2014-2974
Silver Peak VX version 188.8.131.52_47968 contains a cross-site request forgery vulnerability in /php/user_account.php that allows an unauthenticated user to create a new administrator account.
An attacker can conduct a cross-site scripting or cross-site request forgery attack, which could be used for privilege escalation or to inject arbitrary HTML content (including script) into a web page presented to the user.
Apply an Update
Thanks to William Costa for reporting this vulnerability.
This document was written by Chris King.