Vulnerability Description
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Belden Hirschmann | Gecko Lite Managed Switch Firmware | <= 2.0.00 |
| Belden Hirschmann | Gecko Lite Managed Switch | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02AMitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02AMitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-6038?
CVE-2017-6038 is a vulnerability with a CVSS score of 7.1 (HIGH). A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were...
How severe is CVE-2017-6038?
CVE-2017-6038 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-6038?
Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Gecko Lite Managed Switch Firmware, Belden Hirschmann Gecko Lite Managed Switch.