CVE-2017-6038

Published: Jun 30, 2017Modified: May 13, 2026

7.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.

Affected (1)

Products: Belden Hirschmann: Gecko Lite Managed Switch Firmware

Belden Hirschmann

1 product

Gecko Lite Managed Switch Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Belden Hirschmann Gecko Lite Managed Switch Firmware	Up to 2.0.00

Running on/with	Platform Versions
Belden Hirschmann Gecko Lite Managed Switch	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.