CVE-2017-6036

Published: Jun 30, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.

Affected (1)

Products: Belden Hirschmann: Gecko Lite Managed Switch Firmware

Belden Hirschmann

1 product

Gecko Lite Managed Switch Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Belden Hirschmann Gecko Lite Managed Switch Firmware	Up to 2.0.00

Running on/with	Platform Versions
Belden Hirschmann Gecko Lite Managed Switch	All versions

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.