8.1
CVE-2020-3261
- EPSS 0.29%
- Published 15.04.2020 21:15:36
- Last modified 21.11.2024 05:30:40
- Source psirt@cisco.com
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Aironet 1542i Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1542i Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1542d Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1542d Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1562i Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1562i Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1562e Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1562e Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1562d Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1562d Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1815 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1815 Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1830 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1830 Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1840 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1840 Firmware Version 8.10(1.255)
Cisco ≫ Aironet 1850 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 1850 Firmware Version 8.10(1.255)
Cisco ≫ Aironet 2800i Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 2800i Firmware Version 8.10(1.255)
Cisco ≫ Aironet 2800e Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 2800e Firmware Version 8.10(1.255)
Cisco ≫ Aironet 3800i Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 3800i Firmware Version 8.10(1.255)
Cisco ≫ Aironet 3800e Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 3800e Firmware Version 8.10(1.255)
Cisco ≫ Aironet 3800p Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 3800p Firmware Version 8.10(1.255)
Cisco ≫ Aironet 4800 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Aironet 4800 Firmware Version 8.10(1.255)
Cisco ≫ Catalyst Iw6300 Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ Catalyst Iw6300 Firmware Version 8.10(1.255)
Cisco ≫ 6300 Series Access Points Firmware Version >= 8.0 < 8.8.130.0
Cisco ≫ 6300 Series Access Points Firmware Version 8.10(1.255)
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.29% | 0.522 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
psirt@cisco.com | 8.1 | 2.8 | 5.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.