CVE-2020-3261 — MEDIUM (6.5)

Q: How severe is CVE-2020-3261?

CVE-2020-3261 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3261?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet 1542I Firmware, Cisco Aironet 1542I, Cisco Aironet 1542D Firmware, Cisco Aironet 1542D, Cisco Aironet 1562I Firmware.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Aironet 1542I Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1542I	-
Cisco	Aironet 1542D Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1542D	-
Cisco	Aironet 1562I Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1562I	-
Cisco	Aironet 1562E Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1562E	-
Cisco	Aironet 1562D Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1562D	-
Cisco	Aironet 1815 Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1815	-
Cisco	Aironet 1830 Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1830	-
Cisco	Aironet 1840 Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1840	-
Cisco	Aironet 1850 Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 1850	-
Cisco	Aironet 2800I Firmware	>= 8.0, < 8.8.130.0
Cisco	Aironet 2800I	-

Related Weaknesses (CWE)

CWE-352

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mVendor Advisory

FAQ

What is CVE-2020-3261?

CVE-2020-3261 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the web-based management interface of Cisco Mobility Express Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an aff...

How severe is CVE-2020-3261?

CVE-2020-3261 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3261?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet 1542I Firmware, Cisco Aironet 1542I, Cisco Aironet 1542D Firmware, Cisco Aironet 1542D, Cisco Aironet 1562I Firmware.