CVE-2020-5549

Опубликовано: 08 апр. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Ссылки

https://jvn.jp/en/jp/JVN89224521/index.html
Third Party Advisory
https://www.plathome.co.jp/software/ipv6-enterprise-v2-0-2/
Release Notes
Vendor Advisory
https://www.plathome.co.jp/software/ipv6-v2-0-2/
Release Notes
Vendor Advisory
https://jvn.jp/en/jp/JVN89224521/index.html
Third Party Advisory
https://www.plathome.co.jp/software/ipv6-enterprise-v2-0-2/
Release Notes
Vendor Advisory
https://www.plathome.co.jp/software/ipv6-v2-0-2/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:plathome:easyblocks_ipv6_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.1 (включая)

cpe:2.3:h:plathome:easyblocks_ipv6:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:plathome:easyblocks_ipv6_enterprise_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.1 (включая)

cpe:2.3:h:plathome:easyblocks_ipv6_enterprise:-:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00196

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-q6hm-3q22-555x

github

больше 3 лет назад