{"containers": {"cna": {"affected": [{"product": "Cisco Mobility Express", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-04-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T20:11:15.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"}], "source": {"advisory": "cisco-sa-mob-exp-csrf-b8tFec24", "defect": [["CSCvq88209"]], "discovery": "INTERNAL"}, "title": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-04-15T16:00:00-0700", "ID": "CVE-2020-3261", "STATE": "PUBLIC", "TITLE": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Mobility Express", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352"}]}]}, "references": {"reference_data": [{"name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"}]}, "source": {"advisory": "cisco-sa-mob-exp-csrf-b8tFec24", "defect": [["CSCvq88209"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:57.614Z"}, "title": "CVE Program Container", "references": [{"name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T16:28:54.925189Z", "id": "CVE-2020-3261", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:28:53.825Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3261", "datePublished": "2020-04-15T20:11:15.286Z", "dateReserved": "2019-12-12T00:00:00.000Z", "dateUpdated": "2024-11-15T17:28:53.825Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24", "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:57.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-3261", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T16:28:54.925189Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T16:29:35.711Z"}}], "cna": {"title": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "source": {"defect": [["CSCvq88209"]], "advisory": "cisco-sa-mob-exp-csrf-b8tFec24", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Mobility Express", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2020-04-15T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24", "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2020-04-15T20:11:15.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "8.1", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}}, "source": {"defect": [["CSCvq88209"]], "advisory": "cisco-sa-mob-exp-csrf-b8tFec24", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco Mobility Express"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24", "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-3261", "STATE": "PUBLIC", "TITLE": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-04-15T16:00:00-0700"}}}}, "cveMetadata": {"cveId": "CVE-2020-3261", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:28:53.825Z", "dateReserved": "2019-12-12T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2020-04-15T20:11:15.286Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1542i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4743D728-DE98-4ECF-9C19-495D74F8E26B", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1542i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "2CD95A3A-ECAD-4464-B7B1-C9A8F4D4FE4E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1542d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33B38D29-731C-46FD-8937-2CCB75CCBE9E", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1542d_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "4CC3DD26-1AEB-4E02-92C3-2B72AC552AC1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1562i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34C96EE1-C7B8-4473-A7CB-5484CAAA5A67", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1562i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "B05F6D72-0E41-4436-B4B8-436BF13AA152", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*", "matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1562e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C36C2A23-8B4A-4A01-9947-30D5A763DE1A", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1562e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "28198B57-F0D0-46B8-8FCB-8D239C150DFB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*", "matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1562d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C68430E0-1022-4F34-BEA9-DC68B8A7662E", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1562d_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "F48A0DB5-65D7-4272-B7C0-52888346A650", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1815_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1DDF107-2C92-4479-AF05-FE81305E4D34", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1815_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "C85C7BC2-1A61-4347-A6CC-9429F4DE086A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1830_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DAB9A21-B740-4B43-AF53-5A96D1D39659", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1830_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "59E830C6-3580-473D-98BD-E0E544ED4185", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*", "matchCriteriaId": "093AB3A8-853B-4094-BFB5-6A8775AAA8D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1840_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DEE5B56-01C3-4C96-9ED5-4EC8245B3AC2", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1840_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "33866E28-2081-46FA-83C6-957C031682F1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*", "matchCriteriaId": "A69CA9D6-914D-436F-AA81-B218CC312D29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13A84D4B-F455-4838-9C1E-6B13BCCA0B72", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "CAB0CEC3-BBEF-4103-B952-2813596E0C2F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE0B76A8-377E-4176-8F04-B0D468D4E767", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_2800i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B14D6BC8-C900-47C3-9CB6-A705CAB526EC", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_2800i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "F05A57CB-944C-4BC0-86BE-098E9001F4AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_2800e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "16C65C71-9805-4CE9-9612-504CA83A923A", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_2800e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "6FC00793-2FA7-4828-9982-D148C82229AB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_3800i_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13219F7A-9396-44D9-B01C-AAD44DD350A8", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_3800i_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "C32AA518-D8B0-4836-A1A0-79EAE97A9B85", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_3800e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "115A547A-9CB9-4488-9BAF-5222A16E5264", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_3800e_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "6CF1D2BA-0293-4323-8295-76A9F6D0DC72", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_3800p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "515B7F08-03BA-4BC9-A663-930C2FC6E003", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_3800p_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "5F59162B-4AD3-4AFC-9A83-266531B37BC4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A96FD2AD-66EF-4E40-ADA8-6B04CDC16C0B", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:aironet_4800_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "D4D7F5DD-253F-4838-9D03-881138F52EAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F48F9C4-58D2-4B15-9BC3-E90DC1E82399", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:catalyst_iw6300_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "220BA40C-28C6-4CBB-B35C-FDDDD89DBEF1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:6300_series_access_points_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B7F56FF-85B8-49B2-858D-A6FA4C1C5CD2", "versionEndExcluding": "8.8.130.0", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:6300_series_access_points_firmware:8.10\\(1.255\\):*:*:*:*:*:*:*", "matchCriteriaId": "543A29BF-3166-4EF9-A075-50EB9CB0E9FC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E6F57DE-E039-49D7-B240-48CBD9CACD6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del Software Cisco Mobility Express podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de tipo cross-site request forgery (CSRF) sobre un sistema afectado. La vulnerabilidad es debido a insuficientes protecciones de CSRF para la interfaz de administraci\u00f3n basada en web sobre un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario con una sesi\u00f3n activa en un dispositivo afectado para que siga un enlace malicioso. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante llevar a cabo acciones arbitrarias, incluyendo la modificaci\u00f3n de la configuraci\u00f3n, con el nivel de privilegio del usuario."}], "id": "CVE-2020-3261", "lastModified": "2024-11-21T05:30:40.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T21:15:36.060", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}