Описание
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_220_series_smart_plus_switches:1.0.0.19:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00137
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuz76230.
EPSS
Процентиль: 34%
0.00137
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352