exploitDog

CVE-2017-6042

Published: 30 Jun 2017
Source: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS: Low

Description

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

References

Vulnerable configurations

Configuration 1

All of the following

cpe:2.3:o:sierra_wireless:airlink_raven_xe_firmware:*:*:*:*:*:*:*:*
Version up to - (inclusive)
cpe:2.3:h:sierra_wireless:airlink_raven_xe:-:*:*:*:*:*:*:*
Configuration 2

All of the following

cpe:2.3:o:sierra_wireless:airlink_raven_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sierra_wireless:airlink_raven_xt:-:*:*:*:*:*:*:*

EPSS

Percentile: 33%
0.00131
Low

8.8 High

CVSS3

6.8 Medium

CVSS2

Weaknesses

CWE-352

Related vulnerabilities

CVSS3: 8.8
github
more than 3 years ago

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

EPSS

Percentile: 33%
0.00131
Low

8.8 High

CVSS3

6.8 Medium

CVSS2

Weaknesses

CWE-352