CVE-2020-3261
Vulnerability from cvelistv5
Published
2020-04-15 20:11
Modified
2024-11-15 17:28
Summary
Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability
Impacted products
CiscoCisco Mobility Express
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:57.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:28:54.925189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:28:53.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Mobility Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-15T20:11:15",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
        }
      ],
      "source": {
        "advisory": "cisco-sa-mob-exp-csrf-b8tFec24",
        "defect": [
          [
            "CSCvq88209"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-04-15T16:00:00-0700",
          "ID": "CVE-2020-3261",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Mobility Express",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200415 Cisco Mobility Express Software Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-mob-exp-csrf-b8tFec24",
          "defect": [
            [
              "CSCvq88209"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3261",
    "datePublished": "2020-04-15T20:11:15.286172Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:28:53.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3261\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-04-15T21:15:36.060\",\"lastModified\":\"2020-04-29T18:38:26.217\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del Software Cisco Mobility Express podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de  tipo cross-site request forgery (CSRF) sobre un sistema afectado. La vulnerabilidad es debido a insuficientes protecciones de CSRF para la interfaz de administraci\u00f3n basada en web sobre un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al persuadir a un usuario con una sesi\u00f3n activa en un dispositivo afectado para que siga un enlace malicioso. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante llevar a cabo acciones arbitrarias, incluyendo la modificaci\u00f3n de la configuraci\u00f3n, con el nivel de privilegio del usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AE916B2-CAAD-4508-A47E-A7D4D88B077A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1542i_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"4743D728-DE98-4ECF-9C19-495D74F8E26B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1542i_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CD95A3A-ECAD-4464-B7B1-C9A8F4D4FE4E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DB7510-2741-464A-8FC9-8419985E330F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1542d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"33B38D29-731C-46FD-8937-2CCB75CCBE9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1542d_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CC3DD26-1AEB-4E02-92C3-2B72AC552AC1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D27AB201-342D-4517-9E05-6088598F4695\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562i_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"34C96EE1-C7B8-4473-A7CB-5484CAAA5A67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562i_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05F6D72-0E41-4436-B4B8-436BF13AA152\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99EAEA92-6589-4DFB-BC4B-8CBA425452D9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"C36C2A23-8B4A-4A01-9947-30D5A763DE1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562e_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28198B57-F0D0-46B8-8FCB-8D239C150DFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D717945-EE41-4D0F-86EF-90826EBE9C3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562d_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"C68430E0-1022-4F34-BEA9-DC68B8A7662E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1562d_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F48A0DB5-65D7-4272-B7C0-52888346A650\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8BF9DDB-884D-47B5-A295-8BFA5207C412\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1815_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"C1DDF107-2C92-4479-AF05-FE81305E4D34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1815_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C85C7BC2-1A61-4347-A6CC-9429F4DE086A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"093AB3A8-853B-4094-BFB5-6A8775AAA8D3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1830_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"5DAB9A21-B740-4B43-AF53-5A96D1D39659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1830_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59E830C6-3580-473D-98BD-E0E544ED4185\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69CA9D6-914D-436F-AA81-B218CC312D29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1840_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"1DEE5B56-01C3-4C96-9ED5-4EC8245B3AC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1840_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33866E28-2081-46FA-83C6-957C031682F1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1850_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"13A84D4B-F455-4838-9C1E-6B13BCCA0B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_1850_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB0CEC3-BBEF-4103-B952-2813596E0C2F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE0B76A8-377E-4176-8F04-B0D468D4E767\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_2800i_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"B14D6BC8-C900-47C3-9CB6-A705CAB526EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_2800i_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F05A57CB-944C-4BC0-86BE-098E9001F4AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1D5813-9223-4B3F-9DE2-F3EF854FC927\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_2800e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"16C65C71-9805-4CE9-9612-504CA83A923A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_2800e_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC00793-2FA7-4828-9982-D148C82229AB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"098A82FF-95F7-416A-BADD-C57CE81ACD32\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800i_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"13219F7A-9396-44D9-B01C-AAD44DD350A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800i_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C32AA518-D8B0-4836-A1A0-79EAE97A9B85\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"945DDBE7-6233-416B-9BEE-7029F047E298\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800e_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"115A547A-9CB9-4488-9BAF-5222A16E5264\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800e_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CF1D2BA-0293-4323-8295-76A9F6D0DC72\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10D7583E-2B61-40F1-B9A6-701DA08F8CDF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800p_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"515B7F08-03BA-4BC9-A663-930C2FC6E003\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_3800p_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F59162B-4AD3-4AFC-9A83-266531B37BC4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED89428-750C-4C26-B2A1-E3D63F8B3F44\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"A96FD2AD-66EF-4E40-ADA8-6B04CDC16C0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:aironet_4800_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D7F5DD-253F-4838-9D03-881138F52EAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4D8A4CB-5B80-4332-BCBC-DA18AD94D215\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:catalyst_iw6300_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"7F48F9C4-58D2-4B15-9BC3-E90DC1E82399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:catalyst_iw6300_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"220BA40C-28C6-4CBB-B35C-FDDDD89DBEF1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C559D6F7-B432-4A2A-BE0E-9697CC412C70\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:6300_series_access_points_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0\",\"versionEndExcluding\":\"8.8.130.0\",\"matchCriteriaId\":\"8B7F56FF-85B8-49B2-858D-A6FA4C1C5CD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:6300_series_access_points_firmware:8.10\\\\(1.255\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"543A29BF-3166-4EF9-A075-50EB9CB0E9FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E6F57DE-E039-49D7-B240-48CBD9CACD6C\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.