Aironet 1542I Firmware
CVE-2020-3261
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.
AnalysisAI
A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user. Affected products include: Cisco Aironet 1542I Firmware, Cisco Aironet 1542D Firmware, Cisco Aironet 1562I Firmware, Cisco Aironet 1562E Firmware, Cisco Aironet 1562D Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.
More in Aironet 1542I Firmware
View allThe 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn
An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. Rated medium severity (CVSS 6.5), this v
A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authe
An issue was discovered in the kernel in NetBSD 7.1. Rated medium severity (CVSS 5.3), this vulnerability is no authenti
A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to caus
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adja
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today