CVE-2020-3261

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

Configurations

Configuration 1

AND
OR cpe:2.3:o:cisco:aironet_1542i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1542i_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:o:cisco:aironet_1542d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1542d_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:o:cisco:aironet_1562i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1562i_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*

Configuration 4

AND
OR cpe:2.3:o:cisco:aironet_1562e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1562e_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*

Configuration 5

AND
OR cpe:2.3:o:cisco:aironet_1562d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1562d_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*

Configuration 6

AND
OR cpe:2.3:o:cisco:aironet_1815_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1815_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*

Configuration 7

AND
OR cpe:2.3:o:cisco:aironet_1830_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1830_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1830:-:*:*:*:*:*:*:*

Configuration 8

AND
OR cpe:2.3:o:cisco:aironet_1840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1840_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1840:-:*:*:*:*:*:*:*

Configuration 9

AND
OR cpe:2.3:o:cisco:aironet_1850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_1850_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1850:-:*:*:*:*:*:*:*

Configuration 10

AND
OR cpe:2.3:o:cisco:aironet_2800i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_2800i_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*

Configuration 11

AND
OR cpe:2.3:o:cisco:aironet_2800e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_2800e_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*

Configuration 12

AND
OR cpe:2.3:o:cisco:aironet_3800i_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_3800i_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*

Configuration 13

AND
OR cpe:2.3:o:cisco:aironet_3800e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_3800e_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*

Configuration 14

AND
OR cpe:2.3:o:cisco:aironet_3800p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_3800p_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*

Configuration 15

AND
OR cpe:2.3:o:cisco:aironet_4800_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_4800_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*

Configuration 16

AND
OR cpe:2.3:o:cisco:catalyst_iw6300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:catalyst_iw6300_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*

Configuration 17

AND
OR cpe:2.3:o:cisco:6300_series_access_points_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:6300_series_access_points_firmware:8.10\(1.255\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:6300_series_access_points:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:30

Type: References
Values Removed: () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24 - Vendor Advisory
Values Added: () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24 - Vendor Advisory

Information

Published : 2020-04-15 21:15

Updated : 2024-11-21 05:30


NVD link : CVE-2020-3261

Mitre link : CVE-2020-3261

CVE.ORG link : CVE-2020-3261


Products Affected

cisco

  • aironet_1562d
  • aironet_2800i_firmware
  • 6300_series_access_points_firmware
  • aironet_1542i_firmware
  • aironet_1850
  • aironet_2800e
  • catalyst_iw6300_firmware
  • aironet_1830_firmware
  • aironet_1830
  • aironet_1840
  • aironet_3800i
  • aironet_1850_firmware
  • aironet_4800
  • aironet_2800i
  • aironet_1562e
  • aironet_1815_firmware
  • aironet_3800i_firmware
  • aironet_3800e_firmware
  • aironet_3800e
  • aironet_3800p_firmware
  • aironet_2800e_firmware
  • aironet_1542d_firmware
  • aironet_1815
  • aironet_1542i
  • catalyst_iw6300
  • aironet_1562d_firmware
  • 6300_series_access_points
  • aironet_3800p
  • aironet_1542d
  • aironet_4800_firmware
  • aironet_1562e_firmware
  • aironet_1840_firmware
  • aironet_1562i_firmware
  • aironet_1562i

CWE
CWE-352

Cross-Site Request Forgery (CSRF)