← Back

CVE-2020-3261

nvd nist
Published: Apr 15, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

Affected (34)

Cisco
17 products
Aironet 1542i Firmware
Aironet 1542d Firmware
Aironet 1562i Firmware
Aironet 1562e Firmware
Aironet 1562d Firmware
Aironet 1815 Firmware
Aironet 1830 Firmware
Aironet 1840 Firmware
Aironet 1850 Firmware
Aironet 2800i Firmware
Aironet 2800e Firmware
Aironet 3800i Firmware
Aironet 3800e Firmware
Aironet 3800p Firmware
Aironet 4800 Firmware
Catalyst Iw6300 Firmware
6300 Series Access Points Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1542i Firmware
From 8.0 to 8.8.130.0
Aironet 1542i Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1542i
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1542d Firmware
From 8.0 to 8.8.130.0
Aironet 1542d Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1542d
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1562i Firmware
From 8.0 to 8.8.130.0
Aironet 1562i Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1562i
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1562e Firmware
From 8.0 to 8.8.130.0
Aironet 1562e Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1562e
All versions
Configuration E
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1562d Firmware
From 8.0 to 8.8.130.0
Aironet 1562d Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1562d
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1815 Firmware
From 8.0 to 8.8.130.0
Aironet 1815 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1815
All versions
Configuration G
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1830 Firmware
From 8.0 to 8.8.130.0
Aironet 1830 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1830
All versions
Configuration H
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1840 Firmware
From 8.0 to 8.8.130.0
Aironet 1840 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1840
All versions
Configuration I
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 1850 Firmware
From 8.0 to 8.8.130.0
Aironet 1850 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 1850
All versions
Configuration J
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 2800i Firmware
From 8.0 to 8.8.130.0
Aironet 2800i Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 2800i
All versions
Configuration K
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 2800e Firmware
From 8.0 to 8.8.130.0
Aironet 2800e Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 2800e
All versions
Configuration L
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 3800i Firmware
From 8.0 to 8.8.130.0
Aironet 3800i Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 3800i
All versions
Configuration M
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 3800e Firmware
From 8.0 to 8.8.130.0
Aironet 3800e Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 3800e
All versions
Configuration N
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 3800p Firmware
From 8.0 to 8.8.130.0
Aironet 3800p Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 3800p
All versions
Configuration O
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Aironet 4800 Firmware
From 8.0 to 8.8.130.0
Aironet 4800 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Aironet 4800
All versions
Configuration P
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Catalyst Iw6300 Firmware
From 8.0 to 8.8.130.0
Catalyst Iw6300 Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
Catalyst Iw6300
All versions
Configuration Q
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
6300 Series Access Points Firmware
From 8.0 to 8.8.130.0
6300 Series Access Points Firmware
Version 8.10(1.255)
Running on/withPlatform Versions
Cisco
6300 Series Access Points
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.