Skip to main content

Observium CVE-2020-25142

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2020-09-25 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 25, 2020 - 18:15 nvd
MEDIUM 6.5

DescriptionNVD

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.

AnalysisAI

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI. Affected products include: Observium.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2020-25132 CRITICAL POC
9.8 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8)

CVE-2020-25136 HIGH POC
8.8 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated high severity (CVSS 8.8), th

CVE-2020-25130 MEDIUM POC
6.5 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.5),

CVE-2020-25148 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25146 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25141 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25139 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25138 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25137 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25135 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25131 MEDIUM POC
6.1 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated medium severity (CVSS 6.1),

CVE-2020-25147 CRITICAL
9.8 Sep 25

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. Rated critical severity (CVSS 9.8)

Share

CVE-2020-25142 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy